Remix.run Logo
jsiepkes 3 hours ago

If this is a local privilege escalation to root, why can't I find anything on https://www.openbsd.org/security.html ?

justthehuman 3 hours ago | parent | next [-]

Best guess, from the commit message alone[0]: It was fixed as a bug, at the time they didn't have evidence it could lead to LPE

The AI security tool then, retroactively discovered that it could have been used for LPE.

Again, just my guess I could be wrong.

[0] https://github.com/openbsd/src/commit/1957873d2063db11dab780...

stackghost 3 hours ago | parent | prev [-]

OpenBSD has a reputation for being... selective about what they admit is a security-relevant bug.

seethishat 2 hours ago | parent [-]

They appreciate technical correctness and they do not exaggerate. Most 'security researchers' are not technically correct and they exaggerate a lot (seeking fame and all).

Dismissing their claims is not being selective, it's just the right thing to do.

2 hours ago | parent [-]
[deleted]