Post AUtn1F7WFMTTgh2gsa by mjg59@nondeterministic.computer
 Post #AUtf1ZUHisGhDpKvh2 by mjg59@nondeterministic.computer
       2023-04-22T02:53:04Z
       
       0 likes, 0 repeats
       
       bind mounts are really an underrated weapon in spoofing device identity that's on read-only filesystems
       
 Post #AUti4emimdcKNn7gUS by foone@digipres.club
       2023-04-22T03:26:38Z
       
       1 likes, 0 repeats
       
       @mjg59 my favorite mounting trick was the Nissan Rogue pre-2017. It turns out it mounts your inserted drive at /media/$VOLUME_NAME. So you just need to use a tool to modify the EXT2 header to name the drive "../usr/bin/" and oh hey now it's sideloading binaries
       
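       The defensive side of the trick above, as an added example that is not part of this thread: a mount-point name built by string concatenation from an untrusted volume label, next to a version that refuses anything that is not a single safe path component and lexically checks the result still sits under the media root. The media root, the function names and the labels below are constructed for illustration, not taken from any real automounter.

```python
import posixpath

# Assumed media root for the example; the real automounter's path is not
# known from the thread beyond "/media/$VOLUME_NAME".
MEDIA_ROOT = "/media"


def naive_mount_point(label):
    """Concatenate root and label with no validation, as described in the thread."""
    return posixpath.join(MEDIA_ROOT, label)


def escapes_root(path, root=MEDIA_ROOT):
    """True if the lexically normalised path is not contained in root.

    normpath() collapses '..' the same way the kernel's path walk would,
    so a label of '../usr/bin/' normalises to '/usr/bin'.
    """
    norm = posixpath.normpath(path)
    return posixpath.commonpath([norm, root]) != root


def validate_label(label):
    """Accept only labels that are exactly one ordinary directory entry name."""
    if not label or label in (".", ".."):
        return False
    # A slash makes the label multiple components; NUL truncates C strings.
    if "/" in label or "\x00" in label:
        return False
    # Belt and braces: the joined path must still resolve under the root.
    return not escapes_root(posixpath.join(MEDIA_ROOT, label))


def safe_mount_point(label):
    """Return the mount point for a validated label, or raise ValueError."""
    if not validate_label(label):
        raise ValueError("refusing unsafe volume label: %r" % (label,))
    return posixpath.join(MEDIA_ROOT, label)


if __name__ == "__main__":
    hostile = "../usr/bin/"  # constructed hostile label from the thread
    print(naive_mount_point(hostile), "escapes root:", escapes_root(naive_mount_point(hostile)))
    print(safe_mount_point("USB_DRIVE"))
```

The lexical check only covers what a label can express as text; it does not protect against a symlink already sitting at the chosen mount point, which is a separate resolution problem.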
 Post #AUtiwusj9TFdwZnytM by mjg59@nondeterministic.computer
       2023-04-22T03:36:53Z
       
       0 likes, 0 repeats
       
       @foone Oh I thought this was just going to be semicolon related that's even neater
       
 Post #AUtn1EDraHxGu50F84 by SteveSyfuhs@hachyderm.io
       2023-04-22T04:22:02Z
       
       0 likes, 0 repeats
       
       @foone @mjg59 WHY WOULD THEY SUPPORT RELATIVE P-- ugh. Nevermind. Just. Ugh.
       
 Post #AUtn1F7WFMTTgh2gsa by mjg59@nondeterministic.computer
       2023-04-22T04:22:57Z
       
       0 likes, 0 repeats
       
       @SteveSyfuhs @foone Unix syscalls that take paths as arguments will canonicalise them
       
 Post #AUtn8SNFMteeouq3xA by mjg59@nondeterministic.computer
       2023-04-22T04:23:21Z
       
       0 likes, 0 repeats
       
       @SteveSyfuhs @foone (the alternative would be for userland to do so first, which would be racy)
       
 Post #AUtnIHzaozBXWCSmm0 by SteveSyfuhs@hachyderm.io
       2023-04-22T04:26:05Z
       
       0 likes, 0 repeats
       
       @mjg59 @foone is that the assumption that if you have the privilege to execute the syscall you ought to know to pass safe values?
       
 Post #AUtnR2vSCzW1ObheD2 by mjg59@nondeterministic.computer
       2023-04-22T04:27:46Z
       
       0 likes, 0 repeats
       
       @SteveSyfuhs @foone basically
       
 Post #AUtoV8GiNxt74y9yee by SteveSyfuhs@hachyderm.io
       2023-04-22T04:39:22Z
       
       0 likes, 0 repeats
       
       @mjg59 @foone that feels kinda foot gun-y, but I can't really judge. 😬
       
 Post #AUtogk9VsHwFl8KOOG by mjg59@nondeterministic.computer
       2023-04-22T04:41:41Z
       
       0 likes, 0 repeats
       
       @SteveSyfuhs @foone A foot gun? In *my* POSIX-style OS?
       
 Post #AUtpAkGa10lqnfwIdc by SteveSyfuhs@hachyderm.io
       2023-04-22T04:47:07Z
       
       0 likes, 0 repeats
       
       @mjg59 @foone it's the one true interface. Everything else is just wrong.
       
 Post #AUuGxhM6KAXoix5ZUe by brauner@mastodon.social
       2023-04-22T09:58:27Z
       
       0 likes, 0 repeats
       
       @mjg59 @SteveSyfuhs @foone it kinda is what userspace is doing though, to e.g. prevent certain classes of escapes that rely on the kernel resolving .. and symlinks. It can be done race-free, it's just rather involved to do correctly; at least without openat2().