How to panic a current @grsecurity kernel as any user: $ script /dev/null </dev/zero (seriously, WTF)
This is the fail in the @grsecurity patch. How did this pass review? ... a security patchset has code review, right?pic.twitter.com/gincZXdQrU
-
-
@marcan42@grsecurity ow, my eyes x_xThanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
@marcan42@grsecurity@shuffle2 Passions flare quite quickly !Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
@marcan42@Reversity@grsecurity How did static analysis miss that? -
@ErrataRob@marcan42@grsecurity Dunno, look at the replies, it's the actual fun part :D - Show replies
New conversation -
-
-
@marcan42@Reversity@grsecurity get blocked too :( i think grsecurity is applied to your tweet!Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
@marcan42 I mean, at least it's not RCE, right? shell shock was a bit worse.
-
@unix_ninja No, but almost. The introduced bug ends up feeding more characters down than fit in the buffer. Latter code catches it.
End of conversation
New conversation -
-
-
@marcan42@grsecurity Have you requested a#CVE for this issue yet? If not I'll assign one, thanks. -
@kurtseifried grsec doesn't do CVEs for SIZE_OVERFLOW DoS bugs, they have tons of them.
End of conversation
New conversation -
-
-
@marcan42@grsecurity where's option explicit ?Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.