>Disagree because to run the PoC you really ought to understand what it’s doing.

that is contained in the report, which will look similar to the blog. the maintainers will have an open line of contact with the reporters as well. the poc is a small part of the entire report. its not like the linux maintainers only received this poc and have to work out the vulnerability from it alone.

>It is failing at letting people confirm the exploit easily.

it confirms the exploit incredibly easy. just run it, and you get confirmation.

what the blog says and what the code does are two different things.

For all I know the blog itself is a honey pot. I need to know what the code does before I run it.

>I need to know what the code does before I run it.

its literally code meant to exploit your system. you should be running it in an environment built for that already.

you dont test exploit pocs on your daily driver.

> you dont test exploit pocs on your daily driver.

Do you just like making fake points and pretending other people said them?

go ahead and explain your point, rather than be cryptic, if you you want to have an actual conversation about it.

you said "I need to know what the code does before I run it.".

you know its an LPE. the mechanisms of the exploit are fully explained. what more do you need to know? please imagine yourself in the position of the kernel security team who would have received this poc in the first place when you answer, because that is the intended context of the poc.

if you think the kernel security team is going to get tripped up over "os as g", you have a crazy low view of the team.

While your at it you can enter your credit card details to see if they've been leaked.