WTF, is this for real??

Story: COVERITY CATCHES BIGGEST X WINDOW SECURITY HOLE SINCE 2000
Total Replies: 5
Author Content
tuxchick2

May 02, 2006
1:44 PM EDT
This isn't a press release, it must be satire.

"This flaw, caused by something as seemingly harmless as a missing closing parenthesis, allowed local users to execute code with root privileges, giving them the ability to overwrite system files or initiate denial of service attacks."

ZOMG!!! Local user escalates privileges!!! That's the "BIGGEST X WINDOW SECURITY HOLE SINCE 2000"?

**edit** OK I really goofed this up. But it only took me 15 minutes to fix it! I'm better than the X.org team! Or maybe punctuation marks are more difficult than letters? **edit**

And then it took them a week to fix the " a missing parenthesis"? (this is wrong) And then it took them a week to fix the "missing parenthesis"? (this is correct)
sbergman27

May 02, 2006
2:02 PM EDT
Tuxchick,

I checked and there is no mention of this on The Onion. They must be serious, at least within the context of that alternate reality that the authors of press releases all seem to live in.

But surely somewhere in that network transparent monster that we all know and love, and that takes all night to compile on a fast machine, there is a line of code somewhere that allows more than a local privilege escalation. (And I guess the big news is that Coverity missed it, because I can't believe that Xorg is really *that* good.)
tuxchick2

May 02, 2006
2:42 PM EDT
Ah, silly me, I have forgotten how to do proper research. I was looking for security bulletins and bug reports. Of course checking the Onion should have been the first step. :)
grouch

May 02, 2006
4:55 PM EDT
tuxchick2: Also on lwn.net
tuxchick2

May 02, 2006
5:26 PM EDT
Grouch, great comment on LWN. :)

It's still a stupid story and a big free commercial for Coverity.
grouch

May 02, 2006
6:25 PM EDT
tuxchick2: TY.

Sure it's a big free commercial, but what better commercial than a report about the product working as advertised?

'According to Daniel Stone, a release manager for the X.Org Foundation, the vulnerability was one of the most significant vulnerabilities discovered in recent memory, “something that we find once every three to six years and is very close to X’s worst case scenarios in terms of security.”'

That's essentially an endorsement by someone aided by the product who wasn't even the customer. I just can't fault Coverity for publicizing this accomplishment.
