[$] Attacking the kernel via its command line

The kernel's command line allows the specification of many operatingparameters at boot time. A silly bug in command-line parsing was reportedby Ilya Matveychikov on May 22; it can be exploited to force a stackbuffer overflow with a controlled payload that can overwrite memory. Thebug itself stems from a bounds-checking error that, while simple, has stillbeen in the Linux kernel source since version 2.6.20. The subsequentdisclosure post byMatveychikov in the oss-security list spawned a discussion on whatconstitutes a vulnerability, and what is, instead, merely a bug.