Comments on: Linux groups patch image flaw
Common code used to process graphics has a flaw that could allow an attacker to issue commands as the user.
a Linux kernel flaw. The OS kernel generally doesn't
process images, so, I was a little confused when I
first read the title. It is like saying an Adobe
image library vulnerability is a Windows problem.
Not quite accurate. One can always develop an
application or library to circumvent the system,
it isn't necessarily the OS's fault.
I am amazed that MS came out with a fix to this vulnerability before the Linux community did!
I guess even MS can work quickly to fix a problem if you light enough matches under their feet! :)
- Story incorrect, comments worse
- by December 9, 2004 10:29 AM PST
- Versions of GNOME in the 1.x series are affected by the imlib vulnerabilities discussed in this article, however, GNOME 1.x is not a "recent" version of GNOME by any stretch of the imagination. The 2.x series (which there have been four "minor" series of in the past two and a half years) does not use imlib, and the only distribution which continues to ship GNOME 1.x is debian woody (which will be replaced by sarge in a short while).
- Article is not wrong
- by David Arbogast December 9, 2004 12:21 PM PST
- The article does in fact state that this vulnerability exists in older Gnome packages. It's in the first paragraph, so there is nothing wrong with the assessment.
- closed source world
- by Ubber geek June 6, 2007 7:41 AM PDT
- http://www.analogstereo.com/cassette_deck_nakamichi_bx_300.htm
To compare GNOME 1.x and 2.x is roughly equivalent code-wise to comparing Windows NT4 to Windows 2000, or Windows 95 to Windows 3.1. Most of the code has been changed and rewritten, and all of the image handling (which this bug is an instance of) has. If you want a rough parallel, this is similar to discovering a bug that only occurs in Windows NT4 and claiming it affects "recent" versions of Windows.
I should note, regarding the comments, that this particular security issue was discovered as a result of independent code auditing by a random user of the imlib library--something that is legally impossible in the closed source world, unless you feel like paying money and signing all types of NDAs, which would almost certainly preclude disclosure of this type of vulnerability -- which means that even if somebody paid the money to see the code and found a vulnerability like this, you probably wouldn't hear about it until after an update is ready or someone *else* tests things the hard way and discovers the same issue independently. Further, unless you are doing something dumb, like running as the "root" user (Administrator in Windows NT/2k+/XP), this bug will only affect *your* user, and not the entire system. Finally, this issue has never been exploited (to my knowledge) "in the wild", merely in some guy's apartment.
James Cape
http://esco.mine.nu/
Just like flaws in older versions of Windows give anti-MS folks a reason to flame the software company, flaws in older versions of Linux are likewise targets for criticism. Why? Because there is still an affected install base. The difference is that each distributor of Linux is working to patch the problem, meaning that different distros have different security problems at any given time.
Sure... somebody found this flaw a few years after it was created, in their own home. Something that could not be done with code from a closed-source system. You are correct. Of course, it is only a matter of luck that the person was willing to report the flaw instead of exploiting it.