Date: Thu, 14 Nov 2013 20:58:57 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: "I miss LSD", slides, paper and tools relating to finding UNIX system level vulnerabilities (as given at 44CON)

On 11/14/2013 05:20 AM, Tim Brown wrote:
> All,
>
> Some of you may already have spotted this, but last night we
> published our slides, paper and some tools from my talk at 44CON
> earlier in the year. The content can be found at:
>
> * http://labs.portcullis.co.uk/presentations/i-miss-lsd/
>
> The take home points around the System V shared memory issues
> (detailed in more detail in the linked to paper) are:
>
> * System V shared memory is often created with weak permissions.
> * Usage of System V shared memory by X11 applications is particularly
>   problematic.
> * Qt Project patched Qt APIs (CVE-2013-0254), Oracle patched Java JRE
>   (CVE-2013-1500), Google patched Chrome independently.
> * No progress has been made on the problem more generally by either
>   Red Hat or Debian.
> * Coccinelle is an effective tool for performing static analysis on
>   large corpuses of C.
> * Memory corruption attacks against System V shared memory are
>   unlikely.
>
> I've also released a tool called smaSHeM (again linked to) for
> dumping System V shared memory and for manipulating it.
>
> Tim

One consistent issue I've noticed is that when any file/object/pipe/whatever gets created, 99% use the default umask and don't set any explicitly safe permissions. And in most of these cases that leads to problems.

--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
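
An added example, not part of the original thread or of the tools it links to: a C program showing that the mode passed to shmget() alone decides a System V segment's permissions, because the process umask is not applied to System V IPC objects. The helper names and the 0666/0600 modes are constructed for illustration; only private (IPC_PRIVATE) segments are created, and each is removed immediately.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/ipc.h>
#include <sys/shm.h>
#include <sys/stat.h>

/* Hypothetical helper: create a private 4 KiB segment with the requested
 * mode and return the permission bits the kernel recorded for it, or -1 on
 * error. The segment is removed before returning. */
int shm_effective_mode(mode_t requested)
{
    struct shmid_ds ds;
    int mode;
    int id = shmget(IPC_PRIVATE, 4096, IPC_CREAT | IPC_EXCL | requested);

    if (id == -1)
        return -1;
    /* shm_perm.mode also carries status flags, so keep only rwxrwxrwx. */
    mode = (shmctl(id, IPC_STAT, &ds) == 0) ? (int)(ds.shm_perm.mode & 0777) : -1;
    shmctl(id, IPC_RMID, NULL);
    return mode;
}

/* Hypothetical audit check: 1 if group or other has any access, else 0. */
int shm_mode_is_weak(int mode)
{
    return (mode & 077) != 0;
}

int main(void)
{
    int weak, safe;

    /* A strict umask protects new files, but not System V IPC objects. */
    umask(077);
    weak = shm_effective_mode(0666);  /* constructed world-accessible mode */
    safe = shm_effective_mode(0600);  /* explicit owner-only mode */
    if (weak == -1 || safe == -1) {
        perror("shmget/shmctl");
        return 1;
    }
    printf("requested 0666 under umask 077: got %04o, weak=%d\n",
           (unsigned)weak, shm_mode_is_weak(weak));
    printf("requested 0600 under umask 077: got %04o, weak=%d\n",
           (unsigned)safe, shm_mode_is_weak(safe));
    return 0;
}
```

The same `(mode & 077)` test can be applied to the `perms` column of `ipcs -m` when reviewing segments that already exist on a host.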