> Any setuid-root binary readable by the user works.
Interesting detail. On Alpine, `/usr/bin/su` is not readable by any user, so the PoC doesn't work.
I suspect that the underlying issue can be exploited in other ways, but it makes me think that there's no reason for any suid binary to be world-readable.
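An audit helper for the point raised above, written here as an added example (not code from the thread or from any PoC it refers to): it lists setuid binaries owned by a given user that are also world-readable, and can drop the other-read bit while keeping the setuid and execute bits, which is the Alpine layout the comment describes. It assumes a POSIX find(1) that accepts the `-perm -mode` form and is meant to be run as root over a real system tree; the owner argument exists so it can be exercised on a scratch directory as an unprivileged user.

```shell
#!/bin/sh
# Added example, not from the original thread.
# List regular files under DIR owned by OWNER (default root) that carry the
# setuid bit AND the other-read bit. -perm -4004 means "all of these bits
# set": 4000 = setuid, 0004 = read for others.
# Usage: list_readable_setuid DIR [OWNER]
list_readable_setuid() {
    dir=$1
    owner=${2:-root}
    find "$dir" -xdev -type f -user "$owner" -perm -4004 2>/dev/null
}

# Print (or, when APPLY=1, perform) the change that removes world-read while
# leaving the setuid and execute bits in place, i.e. 4755 -> 4751.
# Usage: APPLY=1 harden_readable_setuid DIR [OWNER]
harden_readable_setuid() {
    list_readable_setuid "$1" "${2:-root}" | while IFS= read -r f; do
        if [ "${APPLY:-0}" = 1 ]; then
            chmod o-r "$f" && printf 'hardened: %s\n' "$f"
        else
            printf 'would run: chmod o-r %s\n' "$f"
        fi
    done
}

# Dry-run report for the system binary directory when executed directly.
harden_readable_setuid "${1:-/usr/bin}"
```

Run it without `APPLY=1` first to see what would change; some distributions and tools (for example package integrity checks) expect the stock modes, so review the list before applying.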
https://postmarketos.org is working on developing a Linux distribution for mobile devices (including smartphones), aligned with these goals: free open source software, empowering users to control their own devices.
I won't deny that a lot of application support still needs more work. But this is definitely moving in the right direction.
Devil's advocate here: I can give you a binary of my open source MIT code and never phone you the code. The code is still MIT licensed, and open source. You just have no access to it.
That said, I entirely agree that MS is misrepresenting their openness here, which isn’t in the least surprising.
I don't disagree, but it is perfectly acceptable per the MIT license, which is an OSI approved license. MIT doesn't require source distribution with the binary (which is why, from the developer perspective, it's a more "permissive" license).
The license describes what users are allowed to do with the source code, it doesn’t (and shouldn’t) define what a creator has to do to make the source code open.
Then it sounds like you're philosophically opposed to copyleft licenses like the GPL. That's ok, we can agree to (in my case vehemently) disagree, but your philosophy is inconsistent with the commonly accepted definition of "open source" such as OSI's OSD[1][2].
I think you completely misunderstand me. I don't have any opinion on the GPL, but in the links you shared, even OSI considers the license to be separate from the definition of open source: "Open source licenses are licenses that comply with the Open Source Definition". You can use a license that open source projects use (i.e. MIT) and still keep the source closed, or you can write one that puts obligations on you if you want. In fact, you can use or write pretty much any license you want if you own the copyright.
In their defense, most everyone else does the same thing. They still shouldn't do it, but at least they're not the trendsetter here (though they are contributing to the ongoing problem)
AFAIK, Wi-Fi Aware / Neighbourhood Aware Networking is basically the "standardised" version of AirDrop, and as of 2025, iOS's AirDrop transparently inter-operates with it.
Right, the first two steps are what make AirDrop, "AirDrop". This isn't an alternative at all if it requires both devices to already be connected to the same WiFi.
AirDrop is fantastic for sharing files with people you don't know/just met - if we have to find and agree to join the same wifi before we interact we are no longer talking about the same feature.
If Apple's AirDrop implementation had required people to join the same WiFi first, the feature would never have taken off the way it has among non-techy users. I'm still today mildly surprised I can use AirDrop as a verb in conversation and most of the time the other party knows what I mean.
AWS has deletion protection for databases, and you have to make a separate call to disable it first. Deletion is rejected if you don’t disable that protection.
> while Ctrl is the modifier used at an application level.
DE features don't matter at all outside of cmd-tab and whatever the equivalent of spotlight is. The application level is the main modifier, and changing them all to cmd is essentially impossible at this point. A detail Haiku got just about perfect, I think.
Either way, ctrl as a gui modifier is a dealbreaker for me. It also breaks the use of readline keybindings for text entry.