Tweetovi
- Tweetovi, trenutna stranica.
- Tweetovi i odgovori
- Medijski sadržaj
Blokirali ste korisnika/cu @a13xp0p0v
Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @a13xp0p0v
-
Prikvačeni tweet
I've created a Linux Kernel Defence Map showing the relations between: - vulnerability classes / exploitation techniques, - kernel defences, - bug detection means. Feedback is welcome. Link: https://github.com/a13xp0p0v/linux-kernel-defence-map/blob/master/README.md …pic.twitter.com/gIqQApQyUe
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Ha, nice idea! And we use FRIDGE for hacker stickers that didn't find room on the laptop. Kids have fun every time I return from a conference :) https://twitter.com/andreyknvl/status/1224782595097055233 …pic.twitter.com/mgo4aPQHDS
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Alexander Popov proslijedio/la je Tweet
Nice talk about CFI in the Linux kernel by
@kees_cook Slides: https://outflux.net/slides/2020/lca/cfi.pdf … Video:https://www.youtube.com/watch?v=0Bj6W7qrOOI …Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
And let me thank Mr1 once again! He is cool! I would not be able to become a QEMU contributor without his help :-) [n+1/n]
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
And now can you guess who created this bug back in 2015? Yes, it was Mr2. LOL! Maybe that is why he was delaying the fix that killed it. That was weird story. Hope you liked it. Happy end! ========================= [n/n]pic.twitter.com/cqqSUDX9aX
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
[Jan 22] me: pinging in the ML again about this fix and unit-test! [Jan 22] Mr1: I asked Mr2. He promised to take a look very soon! [Jan 23] Mr2: merged. https://github.com/jnsnow/qemu/commits/ide … WOW! Really?!! [17/n]
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
[Jan 2] me: Happy New Year everyone! There is a CVE. How about review? /* 5 days passed */ [Jan 7] Mr1: okay, it's fine now. [Jan 8] me: thank you a lot! Let's wait for more reviews. /* 2 weeks passed */ [16/n]
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Meanwhile my friends at 36C3 recommended to request a CVE to speed up the review process :-) Nice idea! Red Had likes CVEs! So MITRE allocated CVE-2019-20175 for this issue (with a DISPUTED tag). https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20175 … [15/n]
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
[Dec 23] me: new fast shiny unit-test and fix https://lists.nongnu.org/archive/html/qemu-devel/2019-12/msg05135.html … [Dec 24] Mr2: I've been out to lunch for a little while. I'll review these series before the end of the year. [Dec 28] me: hello anybody? /* Silence. Happy New Year! No review. LOL!!! */ [14/n]
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
[Dec 19] Mr1: No, your unit-test is slow. Make it faster. me: okay, I'll do that... https://lists.nongnu.org/archive/html/qemu-devel/2019-12/msg04442.html … /* More work done. Rrrrr! It must be finished! */ [13/n]
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
[Nov 27] me: okay, it looks like I can do that https://lists.nongnu.org/archive/html/qemu-devel/2019-11/msg04403.html … /* More work done. I developed a new IDE fix and a shiny unit-test that also found an extra DMA emulation bug */ [Dec 16] me: sent the patch series [12/n]
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
[Nov 7] me: huh, yes, I will take this task and return with a patch. /* Grr. Challenge accepted! A week of development. */ [Nov 14] me: new patch fixing IDE [Nov 21] Mr1: we have unit tests. First you improve them to cover all cases. Do according the IDE specification. [11/n]
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
[Nov 6] me: I'm pointing politely to this issue again. It crashes qemu during syzkaller fuzzing. Why don't you apply my commit and then do the refactoring later when you want? [Nov 7] somebody in ML: do you want to rework the code yourself? https://twitter.com/a13xp0p0v/status/1192030766471032833 … [10/n]
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
[Jul 26] Mr2: oh, this is fun. Not gonna take your fix. Whole code should be overwritten. I can worry about a proper fix for QEMU 4.2+. [Jul 27] me: hum, okay... Feel free to add me to CC, I can review the patches and test them with fuzzing! /* 3.5 months passed... */ [9/n]
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
[Jul 15] me: public friendly ping [Jul 16] Mr1: hey Mr2, it's for you! Mr2: I'm aware of the patch. It's on the list to investigate today. /* 10 days passed... Huh? */ [8/n]
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
[Jun 20] me: sent PoC and patch to QEMU security team [Jun 26] me: hey, friendly ping! [Jul 05] secteam: Please feel free to send the patch upstream me: no problem, sent PoC and patch to the public ML https://lists.nongnu.org/archive/html/qemu-devel/2019-07/msg01651.html … [7/n]
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
It looked like QEMU guest-to-host DoS, so I prepared the fixing patch and decided to send it to QEMU security team. Yes, I'm doing responsible disclosure, folks :-) Then the crawling fun began. [6/n]
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
One misty morning I logged into my fuzzing machine wondering why syzkaller hadn't given any useful results for several weeks. I've found QEMU crashed. Wow, syzkaller learned how to destroy its own environment :-/ [5/n]
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
This bug couldn't read or write (what a pity!). It only asserted that the size of successful DMA transfers handled in ide_dma_cb() should be multiple of 512 (the size of a sector). ... 4 years later... [4/n]
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
This bug was born in July 2015, in a lovely QEMU file called hw/ide/core.c. It was not very serious or critical like others. So you would not be very frustrated if you meet it on the way. I will not speak about its father. Let me keep the intrigue till the end. [3/n]
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
_Disclaimer_ That is not for trolling, that is for LOL. So here I omit the names of QEMU maintainers that were involved in these adventures. I will call them Mr1 and Mr2. Have fun! [2/n]
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.