1. 2
    nmatt avatar nmatt 1 year ago | link | on: On the Insecurity of TIOCSTI

    ongoing discussion taking place on oss-security: http://www.openwall.com/lists/oss-security/2017/06/29/4

    I’m hoping to still bring the same hardening to Linux in a more palatable form. This protection is currently enabled if you are using a linux-hardened kernel. (https://github.com/copperhead/linux-hardened)

    1. 1
      nmatt avatar nmatt 1 year ago | link | on: Let's Encrypt - Milestone: 100 Million Certificates Issued

      This is awesome to hear! I personally use the EFF’s certbot and it works like a charm. https://certbot.eff.org/

      1. 2
        nmatt avatar nmatt 1 year ago | link | on: kR^X: Comprehensive Kernel Protection against Just-In-Time Code Reuse

        The paper states that the code is available here: http://nsl.cs.columbia.edu/projects/krx/ I’m looking forward to that actually happening. :)

        1. 3
          nmatt avatar nmatt 1 year ago | link | on: NSA Technology Transfer Program

          Anyone understand why this code is written as it is?

          https://github.com/NationalSecurityAgency/DCP/blob/master/src/io/io_entry.c#L43-L46

          It seems like that do while loop will always execute exactly one time.

          1. 4
            mikejsavage avatar mikejsavage 1 year ago | link

            It’s a C thing: https://stackoverflow.com/a/1067238

            1. 3
              nmatt avatar nmatt 1 year ago | link

              thanks! Always cool to learn new things about C. I wrote up some tests to better understand this issue: https://github.com/nmatt0/c-samples/tree/master/multiline-macro