From BeepingComputer.
A new Linux vulnerability known as ‘Looney Tunables’ enables local attackers to gain root privileges by exploiting a buffer overflow weakness in the GNU C Library’s ld.so dynamic loader.
It’s always memory management
No wonder everyone’s crazy about Rust.
It’s certainly why it is being used to build browsers and OSs now. Those are places where memory management problems are a huge problem. It probably doesn’t make sense for every match 3 game to be made in Rust, but when errors cause massive breaches or death, it’s a lot safer than C++, taking human fallibility into account.
Question would be rather: why is something like C++ needed for such simple apps?
C++ seems to be in that weird in-between place of offering high level features to be reasonably productive, but still doesn’t enforce/guarantee anything to make these features safe. I’d argue, very few programs need that. Either you’re writing business stuff, then you want safety (Java, C#, rust), or you’re writing embedded/low level stuff, then you want control (C, ASM).
The room for “productive, but not interested in safety” is basically just AAA games, I guess.
I wonder if this could be used to root previously unrootable Android based devices.
Android doesn’t use glibc, but Bionic, a C standard library developed by Google. So I don’t think this vulnerability affects Android.
What the heck. I thought, they were using musl.
Certainly seems like this has rather similar goals to musl… That’s no reason for Google not to reinvent the wheel…
They did the same with dalvik and ART now. JVMs, but more googlier!