"Am I affected by the bug?" is misleading

Question

"Am I affected by the bug?" is misleading

glasser opened this issue 8 years ago · 3 comments

I went to this site on my Mac and saw:

Am I affected by the bug?
Nope.

When I read that, I interpreted this as meaning: This may be a security hole, but it's not a huge deal; we're just making a funny page for it for the hell of it. You don't have to worry about any Linux servers you maintain.

I did not interpret it as meaning "The particular web browser you're using to access this page runs on a system that isn't affected by the bug."

I'd suggest being more clear. (Plus, it doesn't actually detect whether you're running a fixed kernel or not, so even if you understand that the text is dynamic, it's not that helpful.)

Answer 1 · 2016-10-25T00:01:08.000Z

Just tested and confirmed @glasser's last parenthetical remark. The "Am I affected by the bug?" section fails to account for systems running the fixed 4.8.4 kernel.
$ uname -a
Linux arch 4.8.4-1-ARCH #1 SMP PREEMPT Sat Oct 22 18:26:57 CEST 2016 x86_64 GNU/Linux

Answer 2 · 2016-10-25T20:27:43.000Z

I presumed that the page is static. It doesn't look dynamic.

Answer 3 · 2016-10-27T04:02:18.000Z

@daveloyall That part is actually a JavaScript snippet which looks for "Android" or "Linux" in the user agent: https://github.com/dirtycow/dirtycow.github.io/blob/master/index.html#L64-L65