-
“Pwning coworkers thanks to
having them run a program written in a Turing-complete language” just doesn’t have the same ring, eh?I guess there could be a disconnect between a user’s expected security and the reality, but…
-
-
The original page had a tag stating it was Connect() related. Connect() is a developer conference intended for later this week.
It’s probably being announced then.
-
For everything but my laptops, wmii. The rest of the time is on OSX, where I use Spectacle to (basically) tile my apps via the keyboard.
-
Correct me if I’m wrong, because I’m sure there are people here who know more about this topic, but couldn’t the problem of unnecessary branching be fixed with conditional move instructions?
For example, absolute value in pseudo-assembly:
compare X 0 move Y 1 conditional-move-LT Y -1 multiply X YIt seems like most of the mathematically unnecessary branches (i.e. where you’re just pulling different data, but not using different control flows) can be cleared out using conditional move instructions, which (IIRC) aren’t generated by most compilers for backward compatibility reasons.
-
-
It would be awesome if posts went to the original content, not to another link aggregation site.
-
-
demoray
2 years ago
|
link
| on:
Understanding the modernization of the OpenBSD network stack, part 1: ART single thread performances
The link with actual content: http://www.grenadille.net/post/2016/06/17/ART-single-thread-performances
-
Wow. An ncurses mp3 player? It feels like 1998 all over again.
-
I use this idea where capabilities are not applicable to good end. For single shot applications, such as 12 factor apps, or fork-on-accept read-only network servers such as anoncvs, non-cgi http, or anonftp, I highly recommend something like this.
Let’s take Apache, a forking TCP server. Assume an attacker can compromise the process handling their connection, but doesn’t have kernel or filesystem privileges. Even if the attacker can’t touch the filesystem due to properly implemented chroots, they can still impact other user’s HTTP processes via ptrace or signals.
My issues with raru are that it might randomly land on an in-use UID/GID, and uses only 16 bits of entropy, which is too little separation for a highly used network service. I prefer my I implementation of this idea I used for the inetd replacement used in CGC:
- https://github.com/CyberGrandChallenge/service-launcher/blob/master/privileges.c#L46 - get_unused_uid
- https://github.com/CyberGrandChallenge/service-launcher/blob/master/privileges.c#L63 - get_unused_gid
- https://github.com/CyberGrandChallenge/service-launcher/blob/master/privileges.c#L80 - drop_privilages
-
demoray
2 years ago
|
link
| on:
The First Person to Hack the iPhone Built a Self-Driving Car. In His Garage.
“I know everything there is to know”, Geohot 2015.
I am reminded of the Socratic paradox, which is roughly mirrored in the bible and on many fortune cookies. The wise man knows he knows nothing, the fool thinks he knows all.
-
For those that can’t stand video for reading code, the code in question is:
class A(object): def __getitem__(self, item): print item return item a = A() if "A" in a: print "YEP"A few things to remember:
__getitem__(...) x.__getitem__(y) <==> x[y]With that in mind, remember that
"a" in xis roughly equivalent to:i = 0 try: while True: if x[i] == "a": return True else: i += 1 except IndexError: return FalseThe original A implementation never bothers to validate the position of getitem
-
Work: Visiting Edinburgh for our semi-annual internal hackdays! Aiming to build a new internal service to replace a google document using Lotus which should be quite interesting.
Outside of work I’ve been playing with celluloid with the aim of writing a stats collection script to shove stats into influxdb for graphs on various things at home. Also thinking I should spend some time teasing private config out of my puppet modules for the home server & start publishing the modules.
Broke a spoke on the rear wheel of my bike for the second time late last week, which is just a bit irritating. At £16 for a replacement spoke & true at the local bike shop, I’m half minded to buy a decent pack of spokes & a truing jig and just rebuild the wheel myself with stronger spokes. It is a cheap stock Mavic wheel after all, they’re not rated as super strong out the box. Hub & Rim are strong enough, just needs some better quality spokes on it.
-
-
Using pickle for data marshaling in an intrusion detection project? No thanks, Lockmart.
https://github.com/lmco/laikaboss/blob/master/laikad.py#L499
-
-
I recognize the potential problem with the “direct” approach, but it seems like the
envapproach just trades one problem for another (namely, that a user with a$PATHthat prefers a different python interpreter than the script’s author intended can end up with unexpected breakage – a situation I find myself in somewhat often, for various reasons). Personally, I very much prefer the obvious, unambiguous immediate-ENOENTfailure mode of the former to the who-knows-what-might-go-wrong-or-how-or-when of the latter, so I stick with the plain old hard-coded absolute path.-
Chalk me up as another hater of non env shebangs in scripts. Don’t presume /usr/bin/python is what you want, all the problems you specify with PATH being messed up exist with /usr/bin/python too.
What if /usr/bin/python is python3 and not python2? What if the user installed python to /usr/local/bin? What if their script is running on nixos where jack and squat is in /usr/bin?
If a user modifies their PATH to point to a different interpreter, that is the whole point of the env shebang line. Unexpected breakage? Well yeah, but if we stick to /usr/bin/BLAH we get the same problem.
With env? PATH=/python/2.7/bin:$PATH scriptname vs /python/2.7/bin/python $(which scriptname)
Want to run it on 2.6? PATH=/python/2.6/bin:$PATH scriptname vs /python/2.6/bin/python $(which scriptname)
Alternative without env means you specify python entirely or rewrite the shebang line to be the sane env line. Assuming /usr/bin/python exists on your target system is as bad of an assumption here. A worse one in my opinion. You’re probably OK if you only ever run on linux, but as someone that had to deal with multiple unixes in the past, env is by far the better iocaine powder here.
-
-
Yep, nixos is the most unique unix like distro in this regard. But /usr/bin/env is present there for a good reason and for shebang lines is basically it. But if you’ve ever written “portable” scripts where some things are in /usr/sfw, other os’s in /opt, etc…. /usr/bin/env is a real nice thing to use and depend on.
Besides I consider /usr/bin/… to normally be out of date, wrong, compiled wrong, doesn’t have the things I need, etc… But I’ve had to deal with too much old unix probably and am just angry at hpux and solaris at this point.
-
It’s… ultimately, any script relies on the user to tell it where the tools it needs are. $PATH is a mechanism for that, and much simpler than editing the source, which is the major alternative. If the user doesn’t think about it or gets it wrong, bad things happen, and that’s not avoidable.
Or we could avoid it by making all Unix software portable. hollow laugh
-
-
-
-
-
That can work for stuff that you make for yourself, but when you try to distribute something you either test every OS/distro possible or.. you just use env.
As a FreeBSD user I’m really sick of people going /bin/bash.. or even worse, doing /bin/sh assuming it’s an alias of bash.
-
-
-
-
This is why I like vagrant for managing OS deps and virtualenv for building python deps. You can share code that bootstraps itself with its env variable and executable path, installs the python libs, and then when the user runs it with something like a shell script all the path references are in place, and the only sudo usage required is to install pip and virtualenv (if not included in the distro already)
-
-
-
Based on the giant red warning message on python’s website, I’d say you’re right.
-
There is an important distinction to make here: that warning says not to unpickle a pickle file from an untrusted source, it’s not a warning about pickling malicious data. I don’t know if that’s a difference in kind or not, but I think the case can be made that the first is a 100% terrible idea and the second unwise but more difficult to exploit.
-
-
-
I conjecture that the recent hacking of the Office of Personnel Management was enabled by similarly bad project management leading to sub-optimal, if not outright dangerously insecure software.
How does one solve this? Open audit of software? Better contracting standards?
-
“Cost realism” and “lowest bidder” make large projects in most government agencies a mess.
In my opinion, the situation at OPM is worse than healthcare.gov. The idea of protecting critical data with software maintained by the lowest bidders over the last 20 years is insane.
-
It’s far from clear that any government-funded software project has ever succeeded at defensive security. NASA’s stuff is, at least, highly reliable (don’t let the disaster stories fool you; highly reliable software is still fallible), but the majority of government software fails in that regard as well.
“How does one solve this” is kind of the wrong question, in that there is no present-day answer. “What fundamentals would have to change for this to be solved” would be a much better one. Also, I don’t have answers either so I’ll happily talk all day about what a difficult problem it is. :)
-
-
I’ve also found using ‘trap’ to help make bash less painful.
I much prefer using Jenkins Job Builder for managing jenkins jobs. I find Groovy and Jenkins Job DSL basically impossible to debug and a semantic nightmare. JJB is just a YAML file that creates jobs from it. You can generate the YAML however you want, but it’s pretty clear how that YAML turns into a job.
A few years ago, I built something similar to JJB for similar reasons.
For as prevalent as Jenkins is, I continue to be surprised and disappointed at how painful it is to automate.