This site uses cookies to improve your experience. By viewing our content, you are accepting the use of cookies. To help us insure we adhere to various privacy regulations, please select your country/region of residence. If you do not select a country we will assume you are from the United States. View our privacy policy and terms of use.

February, 2009

article thumbnail

Linux kernel minor "seccomp" vulnerability

Scary Beasts Security

FEBRUARY 25, 2009

I just released some technical details on why and how "seccomp" is vulnerable to the Linux kernel syscall filtering problems that I previously blogged about. The full details may be found here: [link] The actual bug is of little significance because pretty much no-one uses seccomp: This searches for the PR_SET_SECCOMP string on Google Code Search In addition, even if people did use this -- the bug is not a full break out, just some leakage of filesystem names via stat() or mischief via unrestric

Technology 53
Technology 53
article thumbnail

Linux kernel minor signal vulnerability

Scary Beasts Security

FEBRUARY 24, 2009

I recently came up with a little API abuse of the clone() system call. Not earth shattering, but definitely fun. Essentially, you can send any signal you want at any time to your parent process, even if it is running with real and effective user id of someone else (e.g. root ). Full technical details and an example may be found here: [link] Maybe someone more devious that me can come up with better abuse scenarios than I can.

50
50
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Trending Sources

article thumbnail

vsftpd-2.1.0 and ptrace() sandboxing

Scary Beasts Security

FEBRUARY 20, 2009

The new sandboxing support mentioned in the vsftpd-2.1.0 announcement post is actually a ptrace() based sandbox. It is experimental and therefore off by default. It only currently supports i386 Linux (but there's no reason you couldn't hack the Makefile to build 32-bit on 64-bit Linux). When enabled, it only engages when using one_process_model , i.e. simple anonymous-only configurations.

Firewall 50
Firewall Hacking 50
article thumbnail

vsftpd-2.1.0 released

Scary Beasts Security

FEBRUARY 18, 2009

I just released vsftpd-2.1.0, with full details being available on the vsftpd web page: [link] It fixes a bunch of bugs and compile errors, introduces a few minor new features, has some code clean ups, etc. etc. vsftpd-2.1.0 is interesting from a security perspective because of its changes to SSL support. It actual contains a reasonable resolution to the connection theft attack I blogged about here: [link] In the linked advisory I said "I have a crazy idea to use the SSL session cache as a cheez

Authentication 50
Authentication 50
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

 

Stay Connected

Join 29,000+ Insiders by signing up for our newsletter

About
About
Editions
Editions
Topics
Powered by Aggregage | Terms and Conditions | Your California Rights and Privacy Policy
© Aggregage 2024