Medijski sadržaj
- Tweetovi
- Tweetovi i odgovori
- Medijski sadržaj, trenutna stranica.
-
The comic is an OK description I think pre-user namespaces, but post-user-namespaces it's not right and confuses how the namespaced capabilities actually work (since nobody specifically gives them X capability, they get them all automatically,except see above for what that means)pic.twitter.com/QeqesdLO7o
-
Very easy to miss in the patch, literally right above code copy+pasted for USERCOPY, here it is in the public 4.9 patch:pic.twitter.com/hpbwSfjeta
-
Another 4.14 patch, another random CFI fix we've had since 2016 in this casepic.twitter.com/qNwMRuM00S
-
Paper which doesn't include RAP concludes that no CFI can be fine-grained, fast, and actually prevent attacks. That's convenient -- definitely wouldn't want to include the only one that disproves the thesis. https://arxiv.org/pdf/1911.07828.pdf …pic.twitter.com/LCK8sVsMof
-
Thanks
@amluto ! You've described us perfectly in https://seclists.org/oss-sec/2019/q4/98 …. We continue to support i386 and it's an important part of our QA process.pic.twitter.com/lqJ0OEexpf
-
I had missed this, and probably so did many others. The newly-added comments to the end of https://mdsattacks.com/ seem important to repeat though. See also pg 19 of https://mdsattacks.com/files/ridl.pdf Very worrying, and seems like things are going downhill at Intelpic.twitter.com/K0QqqLnbhT
-
Upstream 4.14 finally addresses this vuln published on oss-sec a year and 4 months ago: http://www.openwall.com/lists/oss-security/2018/07/06/1 … Or does it?
pic.twitter.com/GulMIM17tf
-
What it looks like when someone backports type fixes you've had since 2014 with only whitespace differences (as just happened in 4.14):pic.twitter.com/9S7g0NWrUU
Prikaži ovu nit -
I like these testcases: https://www.openwall.com/lists/kernel-hardening/2019/11/20/3 … Mainly because the compiler already detects the example bad access at compile time, and also because it doesn't bother to illustrate any of the many other real-life instances where this will do nothing at all.pic.twitter.com/AvK3lVzAKF
Prikaži ovu nit -
https://www.cybok.org/media/downloads/Operating_Systems__Virtualisation_Security_issue_1.0_xhesi5S.pdf … Though I disagree with the paragraph following this one; if the real reason were performance (for something completely optional, mind you) there are a number of security features that should never have been merged.pic.twitter.com/9kWUksKYqz
Prikaži ovu nit -
-rw-r--r-- 1 paxguy1 www-users 954352 Feb 13 2014 pax-linux-3.13.3-test9-fptr-only.patchpic.twitter.com/Y14xfx4Xa1
Prikaži ovu nit -
-
Xen security release that references a not-existing-yet Intel advisory page, embargo day! Again seems to be an Intel-only vulnpic.twitter.com/DhxVjxFq6U
Prikaži ovu nit -
-
-
Latest 4.4 kernel finally backports some Spectre fixes from over a year ago (that we already backported a year to the day today)pic.twitter.com/VK21PO5JVE
Prikaži ovu nit -
A belated Happy Halloween from our office! Don't let this one keep you up at night:pic.twitter.com/Vo484Bwpv4
-
2 years later, some others are finally catching on: https://pothos.github.io/papers/backward-edge_protection.pdf … https://twitter.com/lazytyped/status/899173090550312961 …pic.twitter.com/6UsM0JHlvZ
-
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.