IIUC, this is just another case where unprivileged users are now allowed to do what once was allowed only to superusers. As long as only root was allowed to add netfilter rules, what did it matter if they could do bad stuff? They're root already!
Now, in places where security didn't matter, it suddenly does. Thus, it's not about bad coding habits, but inadequate care in extending privileges to untrusted users. The code should have been cleaned up first.
No, it's both. There's a ton of issues like overflows in the kernel, but people have prioritized looking at unpriv -> kernel or unpriv -> root, and not root -> kernel. Now many of the root -> kernel vulns are unpriv -> kernel.
The issue is still the code, it's just the impact that has changed.