Here's my fix for the writev() bug. Basically making a local copy of all the iovecs and validating each area before proceeding. https://github.com/SerenityOS/serenity/commit/1525c119284a9d021ff039eb8ea9c8155c60fb54
And here's the clock_nanosleep() TOCTOU fix. This bad pattern was occurring in several syscalls so I take care of all of them in this patch. It's quite interesting how the bug was further hidden by the use of structured binding declarations!

https://github.com/SerenityOS/serenity/commit/c89fe8a6a3e05cc26797c6b85fff4422ffacab0d

And since the write-up mentioned (but didn't use) a stack buffer overflow in the ELF code, I fixed that too: https://github.com/SerenityOS/serenity/commit/7ae7a60caaaacbca0427334aeb7234d1eedf2227
In case it's not obvious, I absolutely love these write-ups! It's so interesting to see software from this unfamiliar angle.

I'll be pushing forward to disable as many exploit classes as I can, but I'm just one guy so if anyone wants to help out you're more than welcome!
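The snapshot-then-validate pattern the writev() fix describes, as an added C example that is not SerenityOS code: user memory is modelled as a fixed array, the hypothetical `user_range_ok` stands in for the kernel's pointer validation, and the single `memcpy` of the iovec array is the only fetch from user memory that the later checks depend on, so a concurrent rewrite of the array cannot change what was validated.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model: "user memory" is one fixed array, user pointers are
   offsets into it, and a range is valid only if it lies entirely inside. */
#define USER_MEM_SIZE 4096
#define IOV_MAX_ENTRIES 16
static uint8_t g_user_mem[USER_MEM_SIZE];

struct iovec { uintptr_t base; size_t len; };

/* Hypothetical stand-in for the kernel's userspace range validation,
   including the base+len overflow case. */
static bool user_range_ok(uintptr_t base, size_t len) {
    uintptr_t end;
    if (__builtin_add_overflow(base, len, &end)) return false;
    return end <= USER_MEM_SIZE;
}

/* Kernel side of writev(): bound the count, copy the whole iovec array out of
   user memory exactly once, validate every entry of that local copy, and only
   then touch the data it points at. Returns bytes copied into `out`,
   -1 for a bad user pointer (EFAULT), -2 for a bad argument (EINVAL). */
long sys_writev(uintptr_t user_iov, int iov_count, uint8_t *out, size_t out_cap) {
    if (iov_count < 0 || iov_count > IOV_MAX_ENTRIES) return -2;
    struct iovec local[IOV_MAX_ENTRIES];
    size_t array_bytes = (size_t)iov_count * sizeof(struct iovec);
    if (!user_range_ok(user_iov, array_bytes)) return -1;
    memcpy(local, g_user_mem + user_iov, array_bytes); /* the single fetch */

    size_t total = 0;
    for (int i = 0; i < iov_count; i++) {
        /* Every check reads the snapshot, never user memory again. */
        if (!user_range_ok(local[i].base, local[i].len)) return -1;
        if (__builtin_add_overflow(total, local[i].len, &total)) return -2;
    }
    if (total > out_cap) return -2;

    size_t off = 0;
    for (int i = 0; i < iov_count; i++) {
        memcpy(out + off, g_user_mem + local[i].base, local[i].len);
        off += local[i].len;
    }
    return (long)total;
}
```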
cute avi

This one combines missing userspace pointer validation in writev() with a TOCTOU in clock_nanosleep(). Great show!
