
F44 is safe as the kernel is greater than 6.18.22

Without read permissions you cannot execute the binary, that would not make any sense.

To execute the binary it needs to be read from disk and loaded into memory.

In fact if you have read permissions but not executable permissions on a specific binary then you can still execute it by calling the linker directly /bin/ld.so.1 /path/to/binary (the linker will read and load the binary and then jump to the entry point without an exec() call)


> Without read permissions you cannot execute the binary

This is not correct, as when the binary is setuid-someone-else, you are not the one executing it; they are.

  $ cat hello.c 
  
  #include <stdio.h>
  
  int main(void)
  {
      (void) puts("Hello, world!");
      return 0;
  }
  
  $ clang-21 -Weverything hello.c -o hello
  $ sudo chown root:root hello
  $ sudo chmod 4711 hello
  
  $ ls -l hello
  -rws--x--x 1 root root 16056 Apr 30 22:22 hello
  
  $ ./hello
  Hello, world!
  
  $ id
  uid=1000(aaron) gid=1000(aaron) groups=1000(aaron),27(sudo),46(plugdev),100(users)

Removing world-readability from all setuid-root binaries on the system would be sufficient to kill the PoC script provided for this vulnerability. It would not be sufficient to prevent exploitation though; there are many ways to abuse the ability to write to files you have read access to in order to gain root, for example by using the vulnerability to alter the cached copy of a file in /etc/sudoers.d/, or overwrite /etc/passwd, or /etc/crontab, ... the list goes on.

interesting, but in that case there's no point in keeping the x bit either and suid binaries should just be 4700?

If they don't have world-execute permission, an access(2) check for executability would return negative, leading to things like shells not tab-completing it. The kernel would also deny attempting to execute it, as it is not executable for your fsuid.

  $ sudo chmod 4700 hello
  $ ./hello
  bash: ./hello: Permission denied

You need execute access in order to launch it, but in order for it to run, the user it is running as (not you) needs read access; you don't.
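
An added example, not written by any commenter in this thread: a shell function that lists the setuid files under a directory and classifies each by the world ("other") permission digit the comments above distinguish (4755-style, 4711-style, 4700-style). It assumes GNU find and stat; the function names, class labels and demo files are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU find/stat (stat -c).
# audit_setuid DIR: print "<class> <octal-mode> <path>" for every setuid
# regular file under DIR, classified by the "other" permission digit.
audit_setuid() {
    find "$1" -xdev -type f -perm -4000 -exec stat -c '%a %n' {} + 2>/dev/null |
    while read -r mode path; do
        other=${mode#"${mode%?}"}      # last octal digit = "other" bits
        if [ $(( other & 4 )) -ne 0 ]; then
            class=world-readable       # e.g. 4755: anyone can open it for reading
        elif [ $(( other & 1 )) -ne 0 ]; then
            class=exec-only            # e.g. 4711: launchable, not readable
        else
            class=no-world-exec        # e.g. 4700: execve() denied for others
        fi
        printf '%s %s %s\n' "$class" "$mode" "$path"
    done
}

# Constructed demo: empty files in a scratch directory, owned by the caller.
# The setuid bit on them is harmless; only the mode bits are inspected.
demo() {
    d=$(mktemp -d) || return 1
    for m in 4755 4711 4700 0755; do
        : > "$d/mode-$m" && chmod "$m" "$d/mode-$m"
    done
    audit_setuid "$d" | sort
    rm -rf "$d"
}

demo
```

On a real system, `audit_setuid /usr` (add `-user root` to the find expression to restrict it to root-owned files) gives the list of binaries the 4711 suggestion would change.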

this ld.so magic will lose the suid bit

    $ /bin/ld.so `which sudo`
    sudo-rs: sudo must be owned by uid 0 and have the setuid bit set

loader

Disagree because to run the PoC you really ought to understand what it’s doing.

And this code is not readable at all. It is failing at letting people confirm the exploit easily.


>Disagree because to run the PoC you really ought to understand what it’s doing.

that is contained in the report, which will look similar to the blog. the maintainers will have an open line of contact with the reporters as well. the poc is a small part of the entire report. it's not like the linux maintainers only received this poc and have to work out the vulnerability from it alone.

>It is failing at letting people confirm the exploit easily.

it confirms the exploit incredibly easily. just run it, and you get confirmation.


what the blog says and what the code does are two different things.

For all I know the blog itself is a honey pot. I need to know what the code does before I run it.


>I need to know what the code does before I run it.

it's literally code meant to exploit your system. you should be running it in an environment built for that already.

you don't test exploit pocs on your daily driver.


> you don't test exploit pocs on your daily driver.

Do you just like making fake points and pretending other people said them?


go ahead and explain your point, rather than be cryptic, if you want to have an actual conversation about it.

you said "I need to know what the code does before I run it.".

you know it's an LPE. the mechanisms of the exploit are fully explained. what more do you need to know? please imagine yourself in the position of the kernel security team who would have received this poc in the first place when you answer, because that is the intended context of the poc.

if you think the kernel security team is going to get tripped up over "os as g", you have a crazy low view of the team.


While you're at it you can enter your credit card details to see if they've been leaked.

Agreed lmao the PoC itself looks like you’re getting attacked

Which I guess is true but I would like to verify the attack is the intended one


You’d have to reinstall the su binary itself I guess

It just changes the page cache for the su binary, a reboot will revert it.

No need to reboot:

sync && echo 3 >/proc/sys/vm/drop_caches


No, Android doesn’t have suid binaries to exploit like in the PoC

The vulnerability can also be used on any binary that is already running as root and you can open for reading. So yes, any android app can now escalate to root if android has the vulnerable module.

Unfortunately another comment thread here says that it doesn't.

there’s barely any hacking here

the guy found this through looking at the firmware but nmap -p 22 would have also found this

So like the first thing you would do to attack the device

I found an issue exactly like this on an ISP-provided router. I am nowhere near geohot but also didn’t even do as much as the guy in the article lmao


to me this is just normal to do with your devices. I think it’s interesting because it has no fw signing etc and because they left ssh, not because of figuring out how to do the patching.

It was. Not anymore. See: layoffs.

Also Google has a whole YouTube inside of it

I am convinced Mark Zuckerberg does more harm than good for Facebook

like literally they lucked out on landing the business model early but it feels like it has been in an ongoing decline and everything else they have tried has failed spectacularly (and particularly things Mark has put his whole weight behind)

They never became anything more than the ad company


Alright, apart from Instagram, WhatsApp, Llama 1 & 2 and somehow managing to sell nearly 10M less nerdy google glasses what has Zuck done for FB?

Pretty sure they bought Insta and Whatsapp. I mean, that's not nothing, buying a successful business and keeping it successful for over a decade. But neither Zuck nor Meta made those platforms; they were both established successes in their own right before acquisition.

> keeping it successful

I’m no Zuck fan, but he’s done much more than keep them successful, they have grown a lot.

I remember everyone making fun of him for overpaying for IG and WA. Now both in hindsight look like amazing acquisitions.


The "amazing acquisitions" should be antitrust. Whatsapp is a non starter given what Brian Acton reported. I'll never use it. People widely report they ruined Instagram and Zuck came back furiously explaining in an email chain later "oh sorry I didn't mean to say we're killing the competition" probably after a lawyer scolded him

This is the case with most tech companies. Google bought Android, YouTube, DoubleClick, Maps, etc. etc.

Although in this case Meta bought companies that were already established and successful.

Google bought Android before it had released products.

Google Maps was purchased, but was Where 2 actually a successful product prior to that?


I feel like you just cherry picked from my examples. YouTube was certainly successful - Google bought them because their own Google Video competitor was a flop. DoubleClick was also obviously huge. Where 2 had a successful product, it just wasn't web based (nor do I think free), so didn't have anywhere near the distribution that Google enabled once the team ported it to run in a browser.

I think there is a difference in at least degree here (maybe in kind, idk) that's lost by lumping them purely on acquisition or not, but I do largely agree with your point.

But just wanted to correct for the historical record:

> Where 2 had a successful product, it just wasn't web based (nor do I think free), so didn't have anywhere near the distribution that Google enabled once the team ported it to run in a browser.

Where 2 did not have a product, successful or not. They were an unreleased demo looking for investors and luckily got into a room with Larry Page of 2004.


Indeed, I think they used bad examples as neither Android nor Where 2 were successful, but it also shows that Google has done a mix of buying something successful to fill a gap or finding someone with a good tech that they help to get over the line and make successful.

Meta has not shown the second part.


I "cherry picked" from your examples because they weren't really good examples.

You said

> buying a successful business and keeping it successful for over a decade.

Meta bought already successful companies.

Google has purchased successful businesses, but they also purchased companies that weren't and managed to get them into massive money makers.


Only The Zuck saw the value though. Why didn't MS, Amazon or Google buy insta? Or some Softbank vehicle?

I’m sure the others saw the value too. It just wasn’t worth as much to them as Zuckerberg was prepared to pay. Not surprising given it’s a service that directly competed with FB in the social space.

Probably because Instagram wasn't a direct competitor to any of those other companies (except maybe Google+, which wasn't even a year old at the time that FB bought Instagram). I don't know why softbank didn't get them.

Instagram had around 10mn users at acquisition, so they might not have gotten to where they are without FB. Whatsapp was a successful product that didn't make any money.

They used the Facebook app to spy on smartphone users and detect Instagram and WhatsApp success to decide to buy them.

One step further. Besides Facebook itself what has zuck been visionary about? Insta and WhatsApp were bought. He thought chatbots were the thing in ‘17, then abandoned it for VR and metaverse, all the while chatbots start taking off. Every time he’s in an interview he talks like he’s some savant, really he got lucky with fb and has done nothing since

Let’s go another step further!

The continual success of fb and instagram has not come from zuck but through glorified A/B testing on steroids whilst lighting employees’ asses on fire each quarter to move the metrics. Visionary genius? My ass. Only Steve Jobs proved he is worthy of that title.

Bro is a fraud. He always was - remember he stole the idea for fb. Thankfully he’s getting found out.


i argue that most ideas aren't necessarily novel, so stealing an idea isn't necessarily bad.... e.g. i don't think google search was entirely novel, but was well executed.

honestly - meta has built quite a lot of cool things, but c-suite is probably to be blamed for what's going on today.


No the strategy of having a professional looking social space in the web, specifically focused on college folks solely was novel - this is what he stole and without this it wouldn’t have gotten to the place of success it is today. Knowing about the technology is no good without a solid strategy - with a solid strategy anyone can raise the funding to go build it. It’s easy to know what to build when you have a vision specifically of what you’re building into.

Nobody else has this targeted focus.


Search was not novel, but PageRank was novel.

was it actually? I don't know the full technical behind this but wiki does suggest: "A search engine called "RankDex" from IDD Information Services, designed by Robin Li in 1996, developed a strategy for site-scoring and page-ranking.."

This is before Google.


Correct

Stealing an idea is different from lying to people in order to steal their actual business, which is more like what Zuckerberg did.

Did he really steal the idea? I thought the idea was just a message board for Harvard students. That isn’t novel.

If he didn’t steal anything why did Winklevoss and another person at Harvard involved in the original project get a pay off…?

Do we really need to discuss this? He tried to screw another founder - the Brazilian - who got a pay off and now has a reported net worth in the billions.


The original idea was this:

>I almost want to put some of these faces next to pictures of farm animals and have people vote on which is more attractive.


Lots of things, but he then chucked all the profits at a stupid idea that he even renamed the company for.

Look at Meta's profits by year.

Meta profits are good but they’re closing in on the $100 billion dollar mark in their Meta Quest/AI fiasco. Just because you can afford it doesn’t mean you should do it. See another company called Oracle for a similar path.

build and tear down metaverse. zero sum.

The transition to mobile-first was a good call. Probably the last good call though. Oh, and buying Instagram.

And WhatsApp. And the VR glasses seem to be a success.

And whatsapp.

I think it’s hard to not have any kind of boss. There’s nobody to provide the critique needed to improve the products.

> to improve the products.

Meta had ~100B in EBITDA (or 60B in net income) for 2025. What critique does he need from a product/business standpoint?


Everyone has clients and if your employees aren't incompetent sycophants they can give you actionable feedback.

Not a commentary on Zuck specifically, but many powerful people with fragile egos build an inner circle of incompetent sycophants

My favorite story from "Careless People," was when his team let him cheat and ultimately win at Settlers of Catan.


Very true the White House currently is an example of that.

I mean he’s got boz in his circle - is that short for bozo?

The only good things at Meta are the things they bought (Whatsapp and Instagram). They haven't made anything original in a long long time.

Besides selling democracy for pennies on the dollar, Zuckerberg knew what to buy before everyone else knew what it was worth.

In 2012, everyone around me was laughing at the absurdity of a 0 revenue photo app getting acquired for $1bn. My peers/superiors in the ad business thought Facebook would flail in digital marketing. Oops.

The metaverse might be a big pile of bollocks, but isn't the whole point of being a billionaire to indulge peculiar unpopular obsessions?


No he bought everything out of paranoia to shut out competition.

They tried organically to replicate instagram etc but they failed even though they had wayyyy more resources. Their attempts sucked. So their approach was to target for acquisition or copy features if they couldn’t.

There’s plenty of evidence of this re. His comms around those events.


Only someone who had so much luck in finding a product that clicks, would know the worth of buying such a product

Zuckerberg copied Snapchat like... 5 times at least? It should have signified to EVERYBODY he has sociopath-like behavior (in fact apparently on the Zuckerberg-owned Instagram, Snapchat content got demoted, or something) and how he is absolutely the same person that was willing to fuck the Winklevosses ("in the ear")

But I suppose that doesn't count because Winklevii "never would have come up with anything anyway"

Edit: https://news.ycombinator.com/item?id=21114106

