http://cve.mitre.org/cgi-bin/cvename...=CVE-2009-1185 describes that it is possible to get root priviledges from user space by tricking udev < 1.4.1.

The PR 1.2 udev is 0.125-7+142.maemo1+0m5 (definitely < 1.4.1??).

So: is it possible to hack the system? Are updates of udev possible? How would Nokia react about generic linux vulnerabilities in future?

Serious question, or statement if you will: Does it really matter?

As you said, this is a local exploit. Physical access to the N900 means your data is compromised anyway. I treat my phone like I treat my wallet : ) Nobody touches it except for me. Aside from this, one need only install rootsh, no password required, and you have full system access anyway.

Local privilege escalation vulnerabilities can be dangerous even remotely.

Let's say you have a chrooted browser that's running under a different user. You'd feel pretty safe from any security problems in the browser, right? If the attacker can also gain root, you're not.

This vulnerability is a problem with Android smartphones. There is an app which looks like a coool wallpaper collection (downloaded very often). This app uses the vulnerability to send sensitive data home (to china). Source blackhat/Spiegel http://www.spiegel.de/netzwelt/web/0...9355-3,00.html (german, sorry), http://g3la.de/37 and others. The app works lokal :-(