this post was submitted on 30 Apr 2026
133 points (97.8% liked)

Technology

84322 readers
3560 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
133
There is a new linux vulnerability that allows every unprivileged user to become root super easily (copy.fail)
submitted 3 days ago by Zenlix@lemmy.ml to c/technology@lemmy.world
14 comments fedilink hide all child comments
top 14 comments
sorted by: hot top controversial new old
[–] bjoern_tantau@swg-empire.de 47 points 3 days ago (2 children)

Ugh, another new "sudo" clone.

[–] ryannathans@aussie.zone 17 points 3 days ago (1 children)

Much smaller than sudo

[–] RiceMunk@sopuli.xyz 20 points 3 days ago (1 children)

surprise new linux feature: Much more space-efficient sudo command

[–] LedgeDrop@lemmy.zip 6 points 3 days ago (1 children)

... 'cause I always keep forgetting my password.

I am curious to see if/how this'll open up some android devices.

[–] Codilingus@piefed.social 1 points 3 days ago

My brain was too moosh for the technical reading, but I saw GrapheneOS say they're immune to it. So probably not good for regular Android, lol.

[–] corsicanguppy@lemmy.ca 3 points 3 days ago

They rolled their own ~~encryption~~ sudo.

[–] Corngood@lemmy.ml 18 points 3 days ago (2 children)

It feels weird that it has it's own domain name and slogan. I get that there's a promotional aspect to it, but it seems a bit much.

[–] Rossphorus@lemmy.world 6 points 3 days ago

This is not uncommon for high-profile CVEs. For example, brokenwire.fail, heartbleed.com, spectreattack.com, etc..

[–] bookmeat@fedinsfw.app 1 points 3 days ago

They had a month to set it up.

[–] Dadifer@lemmy.world 20 points 3 days ago

In the writeup, they say there's multiple other vulnerabilities on this attack surface, but they're still working on responsible disclosure.

[–] MasterNerd@lemmy.zip 9 points 3 days ago (1 children)

Hmm seems like that report is AI generated

[–] thesmokingman@programming.dev 6 points 3 days ago

It is. The vuln itself was found with guidance of an AI tool. Doesn’t make the vuln any less bad. Does make Xint look really shitty for constantly shilling with boilerplate AI instead of a good human analysis (or at least something above boilerplate).

[–] corsicanguppy@lemmy.ca 5 points 3 days ago (1 children)

Only if you enable the mode for rootless containers. If you run more safe, this thing is apparently impotent.

No containers here, no cry.

[–] timwa@lemmy.snowgoons.ro 2 points 3 days ago

Where are you getting that from? That's not the case at all.