| Tweets |
|
Federico Bento
@uid1000
|
Feb 5 |
|
That's hilarious! I was wondering how you bypassed stack canaries as it's a linear buffer overflow 😂
|
||
|
|
||
|
Federico Bento
@uid1000
|
Feb 5 |
|
Can you elaborate on the inaccuracies? The git commit message seems pretty clear
|
||
|
|
||
|
Federico Bento
@uid1000
|
Feb 5 |
|
Nice! Out of curiosity, were any exploit mitigations turned off for this?
|
||
|
|
||
|
Federico Bento
@uid1000
|
Jan 30 |
|
|
||
|
Federico Bento
@uid1000
|
Jan 29 |
|
I wonder how many of the recent OpenBSD's vulns are bugdoors 😂
|
||
|
|
||
|
Federico Bento
@uid1000
|
Jan 11 |
|
What do you mean? :P
|
||
|
|
||
|
Federico Bento
@uid1000
|
Jan 11 |
|
It's fun stuff, if you're interested in details PM me
|
||
|
|
||
|
Federico Bento
@uid1000
|
Jan 11 |
|
Yeah, and requires little manual patching (the boring part can be mostly automated)
|
||
|
|
||
|
Federico Bento
@uid1000
|
Jan 11 |
|
Read-only cred structs up and running, on to task structs! 😋
|
||
|
|
||
|
Federico Bento
@uid1000
|
Jan 7 |
|
Who would have thought that the kernel can access a kernel page? 🤔
|
||
|
|
||
|
Federico Bento
@uid1000
|
Jan 7 |
|
Actually, it went out in style since it was just reverted? :)
|
||
|
|
||
|
Federico Bento
@uid1000
|
Jan 3 |
|
Now you'll get pwned faster with exotic cpu bugs because you just revealed it on twitter :P
|
||
|
|
||
|
Federico Bento
@uid1000
|
Dec 29 |
|
Overall bad read: isopenbsdsecu.re
|
||
|
|
||
|
Federico Bento
@uid1000
|
Dec 13 |
|
Hopefully in your blogpost you specify your views on fine-grained CFI and why you're skeptical about it too
|
||
|
|
||
|
Federico Bento
@uid1000
|
Dec 12 |
|
CVE-2019-19726 is kinda like the new CVE-2009-4146
openwall.com/lists/oss-secu…
seclists.org/fulldisclosure…
|
||
|
|
||
|
Federico Bento
@uid1000
|
Dec 7 |
|
It can be done with a flag via open() directly without fcntl, or am I missing something? :P
|
||
|
|
||
|
Federico Bento
@uid1000
|
Dec 7 |
|
O_DIRECT?
|
||
|
|
||
|
Federico Bento
@uid1000
|
Dec 7 |
|
The best part is understanding why that's the case
|
||
|
|
||
|
Federico Bento
@uid1000
|
Dec 5 |
|
What does that have to do with individual vulnerabilities? Which is clearly not the point of the thesis.
|
||
|
|
||
|
Federico Bento
@uid1000
|
Dec 5 |
|
Congrats to them for being so smart that they didn't notice basic security problems on your code.
|
||
|
|
||