Best recent example was this one heap overflow Flash introduced in their delayed free mitigation (https://www.offensive-security.com/AWEPAPERS/Exploit_Adobe_Flash_Under_the_Latest_Mitigation_Read.pdf …) by @guhe120
That's not really attack surface, that's just an implementation issue
the definition of "attack surface" that I know is "any code in which bugs could cause security issues"
Replying to @tehjh @dwizzzleMSFT and
with that definition, mitigations usually add attack surface
Replying to @tehjh @dwizzzleMSFT and
heh, and aren't you the guy that found an exploitable kernel bug in seccomp BPF? :D
Replying to @scarybeasts @dwizzzleMSFT and
yeah, https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/kernel/seccomp.c?id=103502a35cfce0710909da874f092cb44823ca03 … - although it required a seccomp filter without NNP, which is pretty uncommon
(the other BPF issue I found, https://bugs.chromium.org/p/project-zero/issues/detail?id=808 …, was in eBPF, which doesn't have much to do with seccomp)