HackerTrans
TopNewTrendsCommentsPastAskShowJobs

Pharaoh2

no profile record

Submissions

Show HN: Toolbox: Run FFmpeg, Imagemagick, 7Zip and Friends in the Browser

toolbox.computer
5 points·by Pharaoh2·anno scorso·0 comments

Show HN: Python tool to migrate from YT Music to Spotify

github.com
1 points·by Pharaoh2·anno scorso·0 comments

comments

Pharaoh2
·7 mesi fa·discuss
https://react.dev/blog/2025/12/03/critical-security-vulnerab...

Privately Disclosed: Nov 29 Fix pushed: Dec 1 Publicly disclosed: Dec 3
Pharaoh2
·12 mesi fa·discuss
https://www.dnsperf.com/#!dns-resolvers

Last 30 days, 8.8.8.8 has 99.99% uptime vs 1.1.1.1 has 99.09%
Pharaoh2
·anno scorso·discuss
NPOs still need to be financially sustainable/viable. They still need to pay their employees and pay their vendors.
Pharaoh2
·9 anni fa·discuss
4,5 and 6 don't need to time the attack.

I am not really sure how/if zero copy may/may not solve this problem.

If this bug only allows reading kernel pages, zero copy may actually help if the unprivileged user can't read your pages, but from the small amount of available description it looks like it can read any page, but kernel pages are more interesting because thats a ring lower and which is why all the focus is on that.

I am fairly certain there is more protection against being able to read memory owned by process on a lower ring level so zero copy may be a bad idea for security critical data.

And based on the disclosure that google published, looks like any memory can be read
Pharaoh2
·9 anni fa·discuss
I can think of a few ways to get privilege escalation if you already have rce as unprivileged user:

1. Read the root ssh private key from the openssh deamons kernel pages maintaining the crypto context and ssh into the system

2. Read a sudo auth key generated for someone using sudo and then use that to run code as a root user

3. Read the users password's whenever a session manager asks the users to reauth

4. If running in AWS/GCP inside a container/vm meant to run untrusted code, read the cloud provider private keys and get control on account

5. RCE to ROP powered privilege escalation exploit seems reasonable...

6. Rowhammer a known kernel address (since you can now read kernel memory) to flip some bits to give you root

Also remember running JS is basically RCE if you can read outside the browser sandbox, ads just became much more dangerous...