[a / b / c / d / e / f / g / gif / h / hr / k / m / o / p / r / s / t / u / v / vg / vm / vmg / vr / vrpg / vst / w / wg] [i / ic] [r9k / s4s / vip] [cm / hm / lgbt / y] [3 / aco / adv / an / bant / biz / cgl / ck / co / diy / fa / fit / gd / hc / his / int / jp / lit / mlp / mu / n / news / out / po / pol / pw / qst / sci / soc / sp / tg / toy / trv / tv / vp / vt / wsg / wsr / x / xs] [Edit][Settings] [Search] [Mobile] [Home]
Board
Settings Mobile Home
4chan
/g/ - Technology

Name
Options
Comment
Verification
4chan Pass users can bypass this verification. [Learn More] [Login]
File
  • Please read the Rules and FAQ before posting.
  • You may highlight syntax and preserve whitespace by using [code] tags.

08/21/20New boards added: /vrpg/, /vmg/, /vst/ and /vm/
05/04/17New trial board added: /bant/ - International/Random
10/04/16New board for 4chan Pass users: /vip/ - Very Important Posts
[Hide] [Show All]


[Advertise on 4chan]


Because of the copy-fail exploit there is a python script that is only ten lines long that can root every single linux distribution. And because your browser runs almost everything, an attacker can use a packet injection to compromise your machine. All they have to do is work out your IP address (fyi, if you are not using the tor browser in a vm or whonix then you are constantly leaking your IP address all over the internet) and then send the script to port 80 or port 443 on your machine. If your browser was running at that moment, they are now connected to your machine through your browser and they are root.

Once they've done that they can make the compromise permanent by using fwupd to install malware on your motherboard. And because the attack is entirely in RAM and on the motherboard they don't leave behind any forensic evidence on your hard drive. That means that if you can run a program like AIDE over your entire filesystem before and after this attack, and you won't find anything.

It gets even better, because copy-fail allows people to escape containers. Even if you run your browser in a container that limits access, this exploit still works. Copy-fail can also enable escape from sandboxes that use c-groups like firejail.

This exploit was in the linux kernel for NINE years.

This is your daily reminder that Linus Torvalds is the biggest fuck up in the history of the IT industry. I know that this man has a following of buttbuddy fan boys and I challenge all of you to name just one fuck up that was bigger than Linus Torvald's one.
>>
This shows once again that Linux is anything but secure. And that the security argument against other OSes is a weak one.
>>
>>108798079 (OP)
Link?
>>
What if my browser is a waterfox flatpak on silverblue? I also heard some youtuber say we should upgrade our kernels, so I assume it's patched?
>>
>>108798079 (OP)
if there was an exploit that caused my linux machine to be permanently pwned and all files were deleted every other month I would still stay with linux. using windows is just that miserable of an experience
>>
>And because your browser runs almost everything, an attacker can use a packet injection to compromise your machine.
If an attacker can get around my browser's sandbox that easily I have way bigger problems than root escalation.
>>
>>108798099
>waterfox
https://x.com/GrapheneOS/status/1976077020212977773
>flatpak
https://github.com/flatpak/flatpak/issues/5921
>>
File: cooljcd.png (466 KB, 600x745)
466 KB PNG
>>108798079 (OP)
OpenBSD: unaffected
Microkernels: unaffected, can not ever be affected by one kernel (driver) exploit to this level
>>
>>108798079 (OP)
>Once they've done that they can make the compromise permanent by using fwupd to install malware on your motherboard. And because the attack is entirely in RAM and on the motherboard they don't leave behind any forensic evidence on your hard drive. That means that if you can run a program like AIDE over your entire filesystem before and after this attack, and you won't find anything.

what about dumping bios to verify?
what about flashing bios - can hacked bios forever refuse any future upgrades and just pretend to install them?

how this changes between mother boards?
How to properly defend from this on older boards,
and how on the recent ones?

I assume desoldering some chip (programmable ROM) and moving it to the programmer board is the sure way to "externally" force dump it and as well force upgrade it?
>>
>>108798079 (OP)
>/g/eet tard
>3 LPE old bug
>hallucinated technical info
>>
>>108798091
That's actually python vulnerability and user space issue.
>>
>>108798079 (OP)
>This exploit was in the linux kernel for NINE years.
There are over 15 major exploits in the linux kernel. You have know idea how little you know. Not just that but I TOLD YOU before anthropic and /g/ linux users made fun of me.

>t. race condition knower and offline LAN
>>
>>108798256
>There are over 15 major exploits in the linux kernel. You have know idea how little you know. Not just that but I TOLD YOU before anthropic and /g/ linux users made fun of me.
Unpatched?
You making this up, or...?
>>
>>108798261
>Unpatched?
yes
>>108798261
>You making this up, or...?
that's a minimum, it's riddled with them. I'm not in an operating system tribe either, the only way to be secure is to have an offline lan. Linux is wide open and has been for ten years.
>>
>>108798079 (OP)
>And because your browser runs almost everything, an attacker can use a packet injection to compromise your machine. All they have to do is work out your IP address (fyi, if you are not using the tor browser in a vm or whonix then you are constantly leaking your IP address all over the internet) and then send the script to port 80 or port 443 on your machine.
What the fuck are you talking about?
Why would a web browser be listening on port 80 or 443 for python scripts and execute them?
This is how you know dead internet theory is bullshit. Even the shittiest chinese llms are smarter than this
>>
File: w.png (250 KB, 606x624)
250 KB PNG
>>108798268
>>You making this up, or...?
>that's a minimum, it's riddled with them. I'm not in an operating system tribe either, the only way to be secure is to have an offline lan. Linux is wide open and has been for ten years.
show some code, POC or something
>>
>>108798280
The take the ten things that the python script does and then write a script in another language that your browser will execute.
>>
>>108798079 (OP)
you just know OP is a shill and full of shit, when he said
>"browser can run anything"
>>
File: 1752303442303798.png (93 KB, 1101x803)
93 KB PNG
>>108798295
Go read a book
If you're not smart enough for books, chatgpt is free
>>
>>108798079 (OP)
>and then send the script to port 80 or port 443 on your machine. If your browser was running at that moment, they are now connected to your machine through your browser and they are root.
That's not how browsers fucking work.
Jesus christ.
>>
>>108798312
Yeah, well I saw someone do it and I believe my eyes.
>>
>>108798328
Fucking moron.
You have no idea what you saw.
>>
>>108798328
no firefox listens on 80/443
idiot
>>
>>108798079 (OP)
Linus did CopyFail
>>
>>108798079 (OP)
>an attacker can use a packet injection
wow!
local exclusive attacks!
we don't get many of those!
>>
> attacking someone personally for something he hasn't done
> escalating and blaming the entire idea of open source OSes
You're a special kind of stupid. Either because you don't understand what you're talking about or because you take (((their))) money for talking shit.

No (You) for OP and other shills.
>>
>>108798268
Everything (maybe except seL4-based?), is. Worst of all is openbsd, and at least linux has various ways to mitigate (e.g. grsec, MAC, etc.)

All modern software suck, period.
>>
>>108798650
>Worst of all is openbsd, and at least linux has various ways to mitigate (e.g. grsec, MAC, etc.)
grsec is mostly dead (closed off to normal users), right?

OpenBSD is the best, or show your profs, glower.
OpenBSD uses unvail / pledge, in place similar to grsec-RBAC.

I think openbsd might benefit from adapting things such as namespaces, firejail/bubblewrap, though their approach is different. I think best would be to have OpenBSD instances as separate containers.

Perhaps inside of microkernel, not SeL4 per se, but SculptureOS+NOVA.



[Advertise on 4chan]

Delete Post: [File Only] Style:
[a / b / c / d / e / f / g / gif / h / hr / k / m / o / p / r / s / t / u / v / vg / vm / vmg / vr / vrpg / vst / w / wg] [i / ic] [r9k / s4s / vip] [cm / hm / lgbt / y] [3 / aco / adv / an / bant / biz / cgl / ck / co / diy / fa / fit / gd / hc / his / int / jp / lit / mlp / mu / n / news / out / po / pol / pw / qst / sci / soc / sp / tg / toy / trv / tv / vp / vt / wsg / wsr / x / xs] [Edit][Settings] [Search] [Mobile] [Home]
[Disable Mobile View / Use Desktop Site]

[Enable Mobile View / Use Mobile Site]

All trademarks and copyrights on this page are owned by their respective parties. Images uploaded are the responsibility of the Poster. Comments are owned by the Poster.