Post AjPy9VOhRg3MVQ35wu by phel@toot.cafe
 (DIR) Post #Aj8EkvxNm2CsyzYxDk by wolf480pl@mstdn.io
       2024-06-20T20:21:13Z
       
       0 likes, 0 repeats
       
       tfw looking for a local root exploit for Linux kernel, and my kernel is too old for most of them to work :/
       
 (DIR) Post #Aj8Ekx97LtBifg3q9Q by nullenvk@miku.place
       2024-06-20T20:36:33.401082Z
       
       0 likes, 0 repeats
       
       @wolf480pl What are you trying to achieve? Tinkering with some old, embedded device?
       
 (DIR) Post #Aj8EkyDPNQDLzH4mTg by wolf480pl@mstdn.io
       2024-06-20T20:39:48Z
       
       1 likes, 0 repeats
       
       @nullenvk tinkering with my new Android phone :P
       
 (DIR) Post #Aj8EkyFBGpdG4luCEy by wolf480pl@mstdn.io
       2024-06-20T20:35:17Z
       
       0 likes, 0 repeats
       
       # CONFIG_USER_NS is not set :(
       
 (DIR) Post #Aj8Ekz4aBikUeBxFMO by wolf480pl@mstdn.io
       2024-06-20T20:40:13Z
       
       1 likes, 0 repeats
       
       @nullenvk I thought I could try to have some fun with it before going through the official bootloader unlock procedure
       
 (DIR) Post #Aj8El1bykWeQWLawgy by wolf480pl@mstdn.io
       2024-06-20T21:15:46Z
       
       0 likes, 0 repeats
       
       # CONFIG_N_GSM is not set :((
       
 (DIR) Post #AjPy9VOhRg3MVQ35wu by phel@toot.cafe
       2024-06-20T21:09:35Z
       
       0 likes, 0 repeats
       
       @wolf480pl I thought it's pretty common to not enable it due to security concerns with the implementation?
       
 (DIR) Post #AjPy9WhWbAhoY5rdvk by wolf480pl@mstdn.io
       2024-06-20T21:12:36Z
       
       1 likes, 0 repeats
       
       @phel it's not about security concerns with the implementation. It's about exposing all the privileged syscalls as attack surface to everyone. Without userNS, a use-after-free in e.g. netfilter code is a mildly annoying bug. With userNS, it's a local privilege escalation.
       
 (DIR) Post #AjPy9YpkfYTVABjF20 by wolf480pl@mstdn.io
       2024-06-20T21:13:51Z
       
       0 likes, 0 repeats
       
       @phel btw, on one of the exploit lists I found on GitHub, half of the exploits use unshare to create a userNS and get CAP_NET_ADMIN in the namespace, then mess with the network stack.
       
 (DIR) Post #AjPyE46kKoqVJgpFku by wolf480pl@mstdn.io
       2024-06-29T09:14:53Z
       
       0 likes, 0 repeats
       
       > trying bpf()
       > expecting EPERM because of sysctl kernel.unprivileged_bpf_disabled
       > got "Bad syscall" instead
       > not -ENOSYS
       > SIGSYS
       wat
       
 (DIR) Post #AjPyE5OVYGeDJ48x4y by wolf480pl@mstdn.io
       2024-06-29T09:20:27Z
       
       1 likes, 0 repeats
       
       I wish this kernel was new enough to be vulnerable to DirtyPipe ;_;
       
 (DIR) Post #AjPyEAhpnq4tmSDxOi by wolf480pl@mstdn.io
       2024-06-29T09:46:17Z
       
       0 likes, 0 repeats
       
       oh, apparently SIGSYS can come from seccomp...
       
 (DIR) Post #AjPyEDQDhmlqCh0QrI by wolf480pl@mstdn.io
       2024-06-29T10:47:27Z
       
       0 likes, 0 repeats
       
       Yup, it was seccomp. Tried as that other user that is a little bit less sandboxed and it now gets EPERM. Sigh...
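As an added example (not from the thread or any of its authors): a small C hardening probe that tells apart the outcomes the thread runs into when checking what an unprivileged user can reach: unshare(CLONE_NEWUSER) reachable or not, and bpf() refused by a seccomp filter (child dies with SIGSYS), by the sysctl or a missing capability (EPERM), or because the feature is not built into the kernel (ENOSYS). The bpf_attr layout and the BPF_MAP_CREATE / BPF_MAP_TYPE_ARRAY values are written out by hand rather than taken from linux/bpf.h, and each probe runs in a forked child so a seccomp kill only takes out the child.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* How a privileged-surface syscall was refused for this unprivileged caller. */
enum verdict { V_REACHABLE, V_SECCOMP_SIGSYS, V_EPERM, V_ENOSYS, V_OTHER };

/* Pure classifier: `killed` is non-zero when the probe child died by a signal
 * (`code` is then the signal number), otherwise `code` is the errno it exited with. */
enum verdict classify(int killed, int code) {
    if (killed) return code == SIGSYS ? V_SECCOMP_SIGSYS : V_OTHER; /* seccomp SECCOMP_RET_KILL */
    switch (code) {
    case 0:      return V_REACHABLE; /* no policy stopped the call */
    case EPERM:  return V_EPERM;     /* e.g. kernel.unprivileged_bpf_disabled, no capability */
    case ENOSYS: return V_ENOSYS;    /* feature not compiled into this kernel */
    default:     return V_OTHER;
    }
}

const char *verdict_name(enum verdict v) {
    static const char *n[] = { "reachable", "blocked by seccomp (SIGSYS)",
                               "EPERM (sysctl/capability)", "ENOSYS (not built)", "other" };
    return n[v];
}

/* Run `probe` in a child: exit code carries errno, a SIGSYS death is caught by waitpid. */
static enum verdict run_probe(int (*probe)(void)) {
    pid_t pid = fork();
    if (pid < 0) return V_OTHER;
    if (pid == 0) _exit(probe() < 0 ? errno : 0);
    int st; waitpid(pid, &st, 0);
    return WIFSIGNALED(st) ? classify(1, WTERMSIG(st)) : classify(0, WEXITSTATUS(st));
}

/* Unprivileged user namespace: the gateway to CAP_NET_ADMIN inside a namespace. */
static int probe_userns(void) { return unshare(CLONE_NEWUSER); }

/* bpf(BPF_MAP_CREATE) of a 1-entry array map; attr layout assumed (first 4 u32 of bpf_attr). */
static int probe_bpf(void) {
    struct { uint32_t map_type, key_size, value_size, max_entries; } attr = { 2, 4, 4, 1 };
#ifdef __NR_bpf
    return (int)syscall(__NR_bpf, 0 /* BPF_MAP_CREATE */, &attr, sizeof attr);
#else
    errno = ENOSYS; return -1;
#endif
}

int main(void) {
    printf("unshare(CLONE_NEWUSER): %s\n", verdict_name(run_probe(probe_userns)));
    printf("bpf(BPF_MAP_CREATE):    %s\n", verdict_name(run_probe(probe_bpf)));
    return 0;
}
```

Run it as the sandboxed user you are checking; a "reachable" for the user namespace probe is the condition the thread describes, where a kernel bug in a CAP_NET_ADMIN-gated path becomes reachable by everyone.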