Collaborate Disseminate
An engineering manager at Netflix has unearthed several TCP networking vulnerabilities in Linux and FreeBSD kernels that could lead to systems crashing or consuming too many resources and (consequently) slowing down. About the vulnerabilities The flaws… Continue reading SACK TCP flaws can crash, slow down Linux-based systems
Researchers have revealed how malicious Thunderbolt and PCI Express (PCIe) peripherals could be used to compromise computers running macOS, Windows, Linux and FreeBSD. Continue reading Thunderclap: Apple Macs at risk from malicious Thunderbolt peripherals
Security researchers have discovered a new class of security vulnerabilities that impacts all major operating systems, including Microsoft Windows, Apple macOS, Linux, and FreeBSD, allowing attackers to bypass protection mechanisms introduced to defend… Continue reading New Flaws Re-Enable DMA Attacks On Wide Range of Modern Computers
I am evaluating the systemd-nspawn containers security and would like to know if the systemd-nspawn containers provide the same security guarantees as FreeBSD jails?
Specially, can an attacker escape from the container or manipulate the h… Continue reading Do systemd-nspawn containers provide the same security guarantees as FreeBSD jails?
I am going through Designing BSD Rootkits and on page 51 It talks about _exit(2) system call function but I couldn’t find it in /sys/kern/kern_exit.c. Are _exit(2) and exit1(..) the same?
We’ve all seen this kind of entries in our firewall log, which Peter Hansteen has termed the Hail Mary Cloud (or, at least, a milder version of it):
rule 5/0(match): block in on eth0: 115.238.245.2.33090 > 123.456.789.012… Continue reading pf: Filter by Class C network
I can set up my own email server, and quite happy with it, using standard open source components – postfix, roundcube, etc on top of HardenedBSD or OpenBSD.
I’d like to offer the use of my email server to friends and family,… Continue reading How can I ensure higher levels of privacy when hosting others’ emails?
Scenario/question:
A unix directory tree has NTFv4 ACLs configured to allow an unprivileged account traversal on all dirs (but no other ACL granting further rights on any file/dir anywhere
In such a case, is it completely s… Continue reading Is the traversal permission in a Unix filesystem exploitable by itself, in the absence of any other permissions/ACLs?
I think I need to allow wide links of some kind, to handle a set of mountpoints in Samba.
The actual scenario is that I want to make a dataset’s /.zfs/snapshot (and some of its descendant individual snaps and some of their… Continue reading In Samba, what is the security difference between "wide links" and "insecure wide links"?
A domain name system server implementation is at risk of remote code execution, information exposure and denial-of-service attacks after a seven vulnerability were disclosed by Google and patched by the maintainers of Dnsmasq. Continue reading Google Warns of DoS and RCE Bugs in Dnsmasq