Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <52859C01.5060203@redhat.com>
Date: Thu, 14 Nov 2013 20:58:57 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: "I miss LSD", slides, paper and tools relating
 to finding UNIX system level vulnerabilities (as given at 44CON)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 11/14/2013 05:20 AM, Tim Brown wrote:
> All,
> 
> Some of you may already have spotted this, but last night we
> published our slides, paper and some tools from my talk at 44CON
> earlier in the year.  The content can be found at:
> 
> * http://labs.portcullis.co.uk/presentations/i-miss-lsd/
> 
> The take home points around the System V shared memory issues
> (detailed in more detail in the linked to paper) are:
> 
> * System V shared memory is often created with weak permissions. *
> Usage of System V shared memory by X11 applications is particularly
>  problematic. * Qt Project patched Qt APIs (CVE-2013-0254), Oracle
> patched Java JRE (CVE-2013-1500), Google patched Chrome
> independently. * No progress has been made on the problem more
> generally by either Red Hat or Debian. * Coccinelle is an effective
> tool for performing static analysis on large corpuses of C. *
> Memory corruption attacks against System V shared memory are
> unlikely.
> 
> I've also released a tool called smaSHeM (again linked to) for
> dumping System V shared memory and for manipulating it.
> 
> Tim
> 

One consistent issue I've noticed is any file/object/pipe/whatever
gets created is that 99% use the default umask and don't set any
explicitly safe permissions. And in most of these cases that leads to
problems.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

iQIcBAEBAgAGBQJShZwBAAoJEBYNRVNeJnmTRV4QAIDndwUHA0KkRR77X0BAfHL5
carpp+BHqagcj66kCfov5Dlb0v+yqs1J99FhJQXcASyjUlA7v1iKizOdHdRLmrtU
dQKm7eUX2W0OLVX0g+scv41Lkd/A+J+xGwLnpbktdxxq997R9E7ogLewiTe13x9s
TeTf3guAY2JMOY/bonc792FiA/iW6NiUos0UKyluBdkP7t3S+C7yvif2A44UqrqI
1fqZzQBmEywcuX0jtQ899+jVHNw8yAgdI5BfYGoCR7o/DaRZyd/cQzI3Hj3EecG0
wX1yS3ypHauDBFRE/meJ43CfIZi7V3cJbSXarj6NrRygfyFsuvQ6w4pFG4ZEKVNK
54V0bWwbqmML/WGbWxsULzZjfUTpCsw16xLpvUj89c/PQxma+KAYOCI0pEVARbhe
YP6eYqBLp4Rx2amLtPTWNljolhF7KOHJNFhEJkJ5uFvRwrN1v+zySPiM/sigrdoq
hvbD5yGTDfpEogB47zUW/AdCE4tCZ9mS2MwCJ3xaD4I8jdY2Be75FEsN7f8hHa5v
YbgHTAe6DVsKdyGRqdt5qs0+SCYTJ2PMPWLoj/eb25RdZbjB3/Au3eT6dEXGrIm3
OHFwP127dPlFeKWusy00esKlEyq9k+tlYqhi1MOVoGeM/09X1LLiHpdQLU6f4U6n
30QG0ufgRj3sRikY0ySL
=oo/U
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.