Thank you very much!
I now understand things that I desperately want to know about hurd internal.
On November 2, 2021 6:31:17 PM GMT+02:00, Sergey Bugaev
wrote:
>Hello!
>
>As promised [0], here are the details of the Hurd vulnerabilities I have found
>earlier this year [1] [2].
>
>[0]: https://l
Fantastic work and writeup.
Apologies for interjecting here.
On Tue, Nov 2, 2021 at 6:54 PM Samuel Thibault
wrote:
> Hello,
>
> Thanks a lot for this writing! That'll surely be an interesting read for
> whoever wants to look a bit at the details of how the Hurd works. And of
> course thanks for
Hello,
Thanks a lot for this writing! That'll surely be an interesting read for
whoever wants to look a bit at the details of how the Hurd works. And of
course thanks for finding and fixing the vulnerabilities :)
Samuel
Short description
=
The use of authentication protocol in the proc server is vulnerable to
man-in-the-middle attacks, which can be exploited for local privilege escalation
to get full root access to the system.
Background: authentication
==
Here, the word
Short description
=
A single pager port is shared between anyone who mmaps a file, allowing anyone
to modify any files they can read. This can be trivially exploited to get full
root access to the system.
Background: Mach memory objects
===
Mach has t
Short description
=
libports accepts fake notification messages from any client on any port, which
can lead to port use-after-free, which can be exploited for local privilege
escalation to get full root access to the system.
Background: Mach notifications
Hello!
As promised [0], here are the details of the Hurd vulnerabilities I have found
earlier this year [1] [2].
[0]: https://lists.gnu.org/archive/html/bug-hurd/2021-10/msg6.html
[1]: https://lists.gnu.org/archive/html/bug-hurd/2021-05/msg00079.html
[2]: https://lists.gnu.org/archive/html/bu
7 matches
Mail list logo