[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"article-why-linux-kernel-security-still-fails-default-installs-zh":3,"article-related-why-linux-kernel-security-still-fails-default-installs-zh":31,"series-research-d580b00b-e2e7-4222-add6-4a37e5095d1c":83},{"id":4,"slug":5,"title":6,"content":7,"summary":8,"source":9,"source_url":10,"author":11,"image_url":12,"cover_image":12,"category":13,"language":14,"translated_content":11,"related_article_id":15,"keywords":16,"key_takeaways":23,"views":27,"created_at":28,"published_at":29,"topic_cluster_id":30},"d580b00b-e2e7-4222-add6-4a37e5095d1c","why-linux-kernel-security-still-fails-default-installs-zh","為什麼 Linux Kernel 預設安裝的安全性仍然失敗","\u003Cp data-speakable=\"summary\">Linux 預設安裝仍然太容易被核心漏洞直接升權成 root。\u003C\u002Fp>\u003Cp>我認為，Linux kernel 的安全性在預設安裝上仍然失敗，因為一個本地漏洞太常能直接變成 root，而這不是邊緣案例，是主流發行版的日常風險。Qualys 指出，CVE-2026-46333 潛伏了九年，從 2016 年一路活到 2026 年，影響 Debian、Fedora、Ubuntu，還能讓未授權本地使用者讀取敏感檔案，甚至以 root 執行命令。這代表「本地」不等於「低風險」，在核心權限路徑出錯時，它就是整台主機淪陷。\u003C\u002Fp>\u003Ch2>第一個論點\u003C\u002Fh2>\u003Cp>核心層的權限錯誤不是單一程式的缺陷，而是整台系統的失守。Qualys 把 CVE-2026-46333 指向 __ptrace_may_access()，這是決定誰能檢查誰的\u003Ca href=\"\u002Fnews\u002F5-reasons-mlops-community-2-0-matters-zh\">關鍵\u003C\u002Fa>函式。一旦這條判斷鏈失準，攻擊者碰到的不是某個應用程式，而是整個 Linux 信任機制的入口。這種 bug 的本質就是全域性的，因為它跨過了 user space 與 root 之間最重要的邊界。\u003C\u002Fp>\n\u003Cfigure class=\"my-6\">\u003Cimg src=\"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1779818769939-lv4a.png\" alt=\"為什麼 Linux Kernel 預設安裝的安全性仍然失敗\" class=\"rounded-xl w-full\" loading=\"lazy\" \u002F>\u003C\u002Ffigure>\n\u003Cp>影響也不是抽象的。Qualys 直接提到，攻擊者可讀取 \u002Fetc\u002Fshadow、竊取 SSH host private keys，並透過 chage、ssh-keysign、pkexec、accounts-daemon 等路徑執行 root 命令。這不是「拿到一點資訊」而已，而是能接上持久化、憑證外洩與橫向移動的完整攻擊鏈。對\u003Ca href=\"\u002Fnews\u002Fwhy-devin-ai-is-overrated-software-engineer-zh\">工程師\u003C\u002Fa>來說，這類漏洞的嚴重性不該看 CVSS 分數，而該看它能不能把一個本地 shell 變成整台機器的控制權。\u003C\u002Fp>\u003Ch2>第二個論點\u003C\u002Fh2>\u003Cp>九年才被發現，已經說明修補節奏不等於安全。若一個權限管理 bug 能從 2016 年一路留到 2026 年，還被主流 distro 預設帶進生產環境，那就表示產業不能再把「有更新就安全」當成策略。更新是必要條件，不是充分條件，因為真正的問題在於：這些深層權限路徑太難被完整測試，也太容易被忽略。\u003C\u002Fp>\u003Cp>同一週還有 PinTheft 的 PoC 被公開，這是另一個本地提權問題，牽涉 RDS、io_uring、可讀取的 SUID-root binary，以及 x86_64 payload 支援。漏洞不同，教訓相同：現代 Linux 的安全失敗，正堆積在那些防守者很少直接審查的子系統裡。問題不是某一個壞 commit，而是整個核心裡太多深層 privilege path 仍然能把 local user 推到 root。\u003C\u002Fp>\u003Ch2>反方可能怎麼說\u003C\u002Fh2>\u003Cp>反方最強的說法是：核心這麼大，漏洞不可避免，而且 Linux 生態確實會補救。發行版通常會快速釋出更新，研究人員也會公開細節，臨時緩解措施像是把 kernel.yama.ptrace_scope 調到 2、更新主機金鑰、檢查暴露期間可能留在記憶體中的管理資訊，這些都是真實且負責任的應對。換句話說，系統不是不修，而是修得還算快。\u003C\u002Fp>\n\u003Cfigure class=\"my-6\">\u003Cimg src=\"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1779818760014-c1g4.png\" alt=\"為什麼 Linux Kernel 預設安裝的安全性仍然失敗\" class=\"rounded-xl w-full\" loading=\"lazy\" \u002F>\u003C\u002Ffigure>\n\u003Cp>但這個 دفاع只成立在一個前提上：組織能在漏洞被利用前迅速修補，且能一直信任所有本地使用者。現實不是這樣。暴露窗口本身就是風險窗口，只要不受信任的 local user 已經在機器上，主機就已經站在失守邊緣。真正該做的不是期待 patch 速度拯救一切，而是減少本地升權路徑、收斂模組與服務暴露，並降低憑證在記憶體與磁碟上的殘留。\u003C\u002Fp>\u003Ch2>你能做什麼\u003C\u002Fh2>\u003Cp>如果你是工程師、PM 或創辦人，請把 local Linux privilege escalation 當成主威脅處理：核心更新要立即上線，停用不必要的模組與服務，能相容就把 ptrace_scope 提高到 2，外洩後立刻輪替 SSH host keys，並盤點所有 SUID-root 與處理憑證的路徑。若你的環境允許不受信任的本地使用者，就\u003Ca href=\"\u002Fnews\u002Fmcclain-veterans-need-votes-not-salutes-zh\">不要\u003C\u002Fa>再假設「只是本地」；對預設安裝來說，一個核心漏洞就足以把整台主機翻成 root。\u003C\u002Fp>","Linux 預設安裝仍然太容易被核心漏洞直接升權成 root，問題不在個別 bug，而在權限路徑與修補節奏都跟不上攻擊面。","thehackernews.com","https:\u002F\u002Fthehackernews.com\u002F2026\u002F05\u002F9-year-old-linux-kernel-flaw-enables.html",null,"https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1779818769939-lv4a.png","research","zh","7c749fe2-7383-4170-8ca9-15778970037a",[17,18,19,20,21,22],"Linux kernel","default install","local privilege escalation","root compromise","ptrace","security posture",[24,25,26],"預設安裝上的本地漏洞，常常就是整台主機的 root 風險。","九年未被發現的核心提權 bug，證明只靠例行修補不夠。","降低本地升權路徑，比事後補丁更接近真正的防禦。",3,"2026-05-26T18:05:25.523745+00:00","2026-05-26T18:05:25.311+00:00","09d8bca1-8461-4544-8536-f6f68192ffc6",{"tags":32,"relatedLang":42,"relatedPosts":46},[33,35,37,39,40],{"name":17,"slug":34},"linux-kernel",{"name":20,"slug":36},"root-compromise",{"name":18,"slug":38},"default-install",{"name":21,"slug":21},{"name":19,"slug":41},"local-privilege-escalation",{"id":15,"slug":43,"title":44,"language":45},"why-linux-kernel-security-still-fails-default-installs-en","Why Linux Kernel Security Still Fails on Default Installs","en",[47,53,59,65,71,77],{"id":48,"slug":49,"title":50,"cover_image":51,"image_url":51,"created_at":52,"category":13},"f374155a-c29e-478c-b7a5-679cad1c51e4","crdts-keep-replicas-in-sync-without-locks-zh","CRDT 讓副本不用鎖也能同步","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1781011086259-4p4k.png","2026-06-09T13:17:34.493426+00:00",{"id":54,"slug":55,"title":56,"cover_image":57,"image_url":57,"created_at":58,"category":13},"4b3b5a50-45b7-4238-a38b-160f82e323ff","post-deterministic-systems-autonomous-infra-zh","後決定性分散系：自治基礎設施新框架","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1781010194792-5ogb.png","2026-06-09T13:02:32.717551+00:00",{"id":60,"slug":61,"title":62,"cover_image":63,"image_url":63,"created_at":64,"category":13},"04e45398-9814-4907-b416-fcb5b8d69508","causal-learnability-formal-language-tasks-zh","用因果法量化任務可學性","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1780987696075-l4g0.png","2026-06-09T06:47:34.438642+00:00",{"id":66,"slug":67,"title":68,"cover_image":69,"image_url":69,"created_at":70,"category":13},"75bcc569-5e89-45c8-b809-6f169e929f4b","rl-training-hands-off-control-gradually-zh","RL 先接管再放手","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1780986786312-03yo.png","2026-06-09T06:32:32.849589+00:00",{"id":72,"slug":73,"title":74,"cover_image":75,"image_url":75,"created_at":76,"category":13},"e3ecab4b-7cc7-4246-baf6-e1c170d86ca5","omnigamearena-vlm-game-agent-benchmark-zh","OmniGameArena 讓 VLM 遊戲代理更好比","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1780985893022-70pl.png","2026-06-09T06:17:32.189729+00:00",{"id":78,"slug":79,"title":80,"cover_image":81,"image_url":81,"created_at":82,"category":13},"6f25a29c-cbb8-4f53-9af7-1656b394333a","turboquant-cuts-kv-cache-memory-6x-google-tests-zh","TurboQuant 在 Google 測試中省下 6x KV 快取","https:\u002F\u002Fxxdpdyhzhpamafnrdkyq.supabase.co\u002Fstorage\u002Fv1\u002Fobject\u002Fpublic\u002Fcovers\u002Finline-1780906682236-sqe2.png","2026-06-08T08:17:21.878314+00:00",[84,89,94,99,104,109,114,119,124,129],{"id":85,"slug":86,"title":87,"created_at":88},"f18dbadb-8c59-4723-84a4-6ad22746c77a","deepmind-bets-on-continuous-learning-ai-2026-zh","DeepMind 押注 2026 連續學習 AI","2026-03-26T08:16:02.367355+00:00",{"id":90,"slug":91,"title":92,"created_at":93},"f4a106cb-02a6-4508-8f39-9720a0a93cee","ml-papers-of-the-week-github-research-desk-zh","每週 ML 論文清單，為何紅到 GitHub","2026-03-27T01:11:39.284175+00:00",{"id":95,"slug":96,"title":97,"created_at":98},"c4f807ca-4e5f-47f1-a48c-961cf3fc44dc","ai-ml-conferences-to-watch-in-2026-zh","2026 AI 研討會投稿時程整理","2026-03-27T01:51:53.874432+00:00",{"id":100,"slug":101,"title":102,"created_at":103},"cf046742-efb2-4753-aef9-caed5da5e32e","adaptive-block-scaled-data-types-zh","IF4：神經網路量化的聰明選擇","2026-03-31T06:00:36.990273+00:00",{"id":105,"slug":106,"title":107,"created_at":108},"53a0dc54-0371-4e40-8d5e-74e94a73840c","geometry-aware-similarity-metrics-for-neural-representations-zh","超越距離測量：用微分幾何重新理解神經網路","2026-03-31T06:01:01.241968+00:00",{"id":110,"slug":111,"title":112,"created_at":113},"fee7d472-a775-4b1d-bbc2-1e8bca1bbf8b","on-the-fly-repulsion-in-the-contextual-space-for-rich-divers-zh","讓AI繪圖更有創意：用排斥力提升生成多樣性","2026-03-31T06:01:25.439673+00:00",{"id":115,"slug":116,"title":117,"created_at":118},"a9901203-d69b-447b-8854-15d14eab32b4","vision-aided-beam-prediction-cnn-eca-zh","影像輔助波束預測升級 CNN","2026-04-01T10:00:25.8073+00:00",{"id":120,"slug":121,"title":122,"created_at":123},"b55e7dd4-0a24-4b3d-804d-b0309a03f498","triple-band-fss-mimo-antenna-sub-6-ghz-zh","三頻 FSS MIMO 天線瞄準 sub-6 GHz","2026-04-01T13:18:36.857305+00:00",{"id":125,"slug":126,"title":127,"created_at":128},"f68290bd-e7f3-4b30-ba22-dcd4e0130a66","openclaw-1299-repos-eight-weeks-analysis-zh","OpenClaw 1299 個 Repo 的資料解讀","2026-04-02T05:03:45.208411+00:00",{"id":130,"slug":131,"title":132,"created_at":133},"ed9f80eb-eb02-4d35-8ad4-0ddf428751dd","beam-coherence-aware-combining-mmwave-mimo-zh","毫米波 MIMO 的雙階合併法","2026-04-02T05:27:26.897188+00:00"]