The mknod() syscall was allowing unprivileged users to create any device that they wanted, and since they created it, they could make it writable. Fix: https://github.com/SerenityOS/serenity/commit/c7eb3ff1b38be5c192bb4a3f6584303476828c1d …
The read() and write() syscalls were not verifying that the file descriptor passed to them was readable or writable respectively. It was also possible to overwrite a read-only directory opened with opendir() because of this. Fix: https://github.com/SerenityOS/serenity/commit/0a1865ebc6a0df78464c63064e1e3e61384441bc …
SystemServer (the "init" program) was doing setuid() before setgid() when dropping privileges. Since we had already dropped UID 0, the call to setgid() would fail, and caused all processes to be running with GID 0. Fix: https://github.com/SerenityOS/serenity/commit/0958d826d6cb84b9a309846ce44eefa7ea3d9f70 …
This one was patched out for the CTF because it was so obvious, but here it is anyway: The module_load() syscall was allowing unprivileged users to install and run kernel modules. The check for superuser privileges was commented out, whoops! Fix: https://github.com/SerenityOS/serenity/commit/14cdd3fdc1cb2ca3b6e323cf8ba5bf5ce5c5f236 …
Syscalls that took pointer arguments would only validate that the first and last page in the provided memory range were accessible to the process, skipping all the pages in the middle. Fix: https://github.com/SerenityOS/serenity/commit/3dcec260ed0455a1de9ff5ebbdd6480caf1bd6b4 …
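The endpoint-only check from the last tweet, next to a check that walks every page, as an added illustration that is not SerenityOS code. The page table is a constructed toy map (one unmapped page in the middle of a readable region), and the function names are invented for the example.

```c
/* Added example, not SerenityOS code: why checking only the first and last
 * page of a user buffer is not enough. A constructed toy page map marks each
 * page readable or not; callers pass (addr, size) as a syscall would. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SIZE 4096u
#define NUM_PAGES 16

/* Constructed map: page 5 is unmapped inside an otherwise readable range. */
static const bool page_readable[NUM_PAGES] = {
    true, true, true, true, true, false, true, true,
    true, true, true, true, true, true, true, true,
};

static bool page_ok(uintptr_t addr)
{
    uintptr_t page = addr / PAGE_SIZE;
    return page < NUM_PAGES && page_readable[page];
}

/* Flawed check: inspects the two endpoint pages only. */
bool validate_read_endpoints_only(uintptr_t addr, size_t size)
{
    if (size == 0) return true;
    return page_ok(addr) && page_ok(addr + size - 1);
}

/* Corrected check: every page the range touches must be readable, and the
 * end-address arithmetic must not wrap around. */
bool validate_read_all_pages(uintptr_t addr, size_t size)
{
    if (size == 0) return true;
    if (addr + size - 1 < addr) return false; /* addr + size overflowed */
    uintptr_t first = addr & ~(uintptr_t)(PAGE_SIZE - 1);
    uintptr_t last = (addr + size - 1) & ~(uintptr_t)(PAGE_SIZE - 1);
    for (uintptr_t p = first;; p += PAGE_SIZE) {
        if (!page_ok(p)) return false;
        if (p == last) break; /* break before incrementing past the end */
    }
    return true;
}

int main(void)
{
    /* A range spanning pages 3..7, which crosses the unmapped page 5. */
    uintptr_t addr = 3 * PAGE_SIZE + 100;
    size_t size = 4 * PAGE_SIZE;
    printf("endpoints only: %d\n", validate_read_endpoints_only(addr, size));
    printf("all pages:      %d\n", validate_read_all_pages(addr, size));
    return 0;
}
```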
I love this security work cause it really shows how much consideration has to go into every systemcall (and how my kernel isn't doing that). Awesome work
You should do a $10000 bounty for people finding exploits...yes, you may go bankrupt - but it would be worth it for quality :)


Let me show you some of them!

