February, 2009

article thumbnail

Linux kernel minor "seccomp" vulnerability

Scary Beasts Security

I just released some technical details on why and how "seccomp" is vulnerable to the Linux kernel syscall filtering problems that I previously blogged about. The full details may be found here: [link] The actual bug is of little significance because pretty much no-one uses seccomp: This searches for the PR_SET_SECCOMP string on Google Code Search In addition, even if people did use this -- the bug is not a full break out, just some leakage of filesystem names via stat() or mischief via unrestric

article thumbnail

Linux kernel minor signal vulnerability

Scary Beasts Security

I recently came up with a little API abuse of the clone() system call. Not earth shattering, but definitely fun. Essentially, you can send any signal you want at any time to your parent process, even if it is running with real and effective user id of someone else (e.g. root ). Full technical details and an example may be found here: [link] Maybe someone more devious that me can come up with better abuse scenarios than I can.

50
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

vsftpd-2.1.0 and ptrace() sandboxing

Scary Beasts Security

The new sandboxing support mentioned in the vsftpd-2.1.0 announcement post is actually a ptrace() based sandbox. It is experimental and therefore off by default. It only currently supports i386 Linux (but there's no reason you couldn't hack the Makefile to build 32-bit on 64-bit Linux). When enabled, it only engages when using one_process_model , i.e. simple anonymous-only configurations.

article thumbnail

vsftpd-2.1.0 released

Scary Beasts Security

I just released vsftpd-2.1.0, with full details being available on the vsftpd web page: [link] It fixes a bunch of bugs and compile errors, introduces a few minor new features, has some code clean ups, etc. etc. vsftpd-2.1.0 is interesting from a security perspective because of its changes to SSL support. It actual contains a reasonable resolution to the connection theft attack I blogged about here: [link] In the linked advisory I said "I have a crazy idea to use the SSL session cache as a cheez

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.