Fri Nov 04, 2016 12:35 pm
So think of it like this...the vulnerability is present, but it is irrelevant because everything runs as root. The DirtyCOW vulnerability is used to escalate privileges from a non-root user to root. If nothing runs as a non-root user, then there's really no local accounts that would need to escalate to root. If you've somehow managed to add in unsupported code into the ROS platform, and that code runs as a non-root user, then yes, you effectively will have created an attack vector someone could potentially use. In order for them to exploit the vulnerability, though, they need to be logged in as the non-root user, meaning they already have the credentials, or are able to break into the system in some other way.