I found the following vulnerability very interesting. Not the fact that it bypasses SELinux / AppArmor, etc. which is interesting in itself but the fact that according to the description, the compiler removed an “if” block it thought was redundant and thus introduced the vulnerability.

So, the developer actually wrote perfectly secure code but in the compilation process, the vulnerability was introduced. I love it! This time it’s the machine’s fault!

Tags: ,