Forwarded from ㅤUndi Snökatt - (that squeaky cat!) ^.ᆽ.^= ∫ ㅤㅤㅤ
This media is not supported in your browser
VIEW IN TELEGRAM
😁2
I wanted to post something silly but have nothing, so might y'all post something this time.
😁4
If you use podman or buildah, here's the critical CVE
https://bugzilla.redhat.com/show_bug.cgi?id=2265513
It allows a full container escape on the build stage.
It shouldn't affect running containers.
Also if you use SELinux (please tell me that you do), it'll be limited to R/O.
https://bugzilla.redhat.com/show_bug.cgi?id=2265513
It allows a full container escape on the build stage.
It shouldn't affect running containers.
Also if you use SELinux (please tell me that you do), it'll be limited to R/O.
I'm sorry but apparently Red Hat started working the new NVIDIA driver written by Rust, just like a few months after NVIDIA partially open-sourced its own driver.
Right now we already have 3 NVIDIA variants:
1. noveau - part of Linux kernel, open-source
2. propriety nvidia
3. open nvidia
We might have one more for no reason.
https://lists.freedesktop.org/archives/dri-devel/2024-March/446709.html
I'm not going to comment this as I'm not quite sure what my position about this is. I kinda see both positive and negative sides of this.
Right now we already have 3 NVIDIA variants:
1. noveau - part of Linux kernel, open-source
2. propriety nvidia
3. open nvidia
We might have one more for no reason.
https://lists.freedesktop.org/archives/dri-devel/2024-March/446709.html
I'm not going to comment this as I'm not quite sure what my position about this is. I kinda see both positive and negative sides of this.
Another shit news is that Redis is going to the proprietary license. That means that it'll be soon removed from all sane distros. openSUSE already discussing this in their mailing list.
Mostly likely, we'll gonna have a fork of Redis.
Mostly likely, we'll gonna have a fork of Redis.
Forwarded from memy zajebiste (MARCHWJ)
This media is not supported in your browser
VIEW IN TELEGRAM
https://www.zerodayinitiative.com/blog/2024/3/21/pwn2own-vancouver-2024-day-two-results
You might like to scroll this one, but I want to highlight an Ubuntu case.
STAR Labs SG was able to escalate permissions from a regular user to root.
As well as the Docker container escape case. By default Docker uses root deamon, so you don't even need to use the vulnerability I mentioned below.
Once again I urge to not use Ubuntu and use more secure distros with more advanced security protection like SELinux.
Use podman and rootless containers instead of Docker, this way by escaping containers you get only user permissions and ideally still restricted by SELinux policy which allows only r/o access by default.
You might like to scroll this one, but I want to highlight an Ubuntu case.
STAR Labs SG was able to escalate permissions from a regular user to root.
As well as the Docker container escape case. By default Docker uses root deamon, so you don't even need to use the vulnerability I mentioned below.
Once again I urge to not use Ubuntu and use more secure distros with more advanced security protection like SELinux.
Use podman and rootless containers instead of Docker, this way by escaping containers you get only user permissions and ideally still restricted by SELinux policy which allows only r/o access by default.
Zero Day Initiative
Zero Day Initiative — Pwn2Own Vancouver 2024 - Day Two Results
Welcome to the second and final day of Pwn2Own Vancouver 2024! We saw some amazing research yesterday, including a Tesla exploit and a single exploit hitting both Chrome and Edge. So far, we have paid out $723,500 for the event, and we’re poised to hit $1…
Forwarded from [anywhere] Department of Ferrets, Memetics, Cognitohazards and чіназес (Z)
Forwarded from Griseus Wolf
Translate:
well, I wanted to bake a duck for New Year. Just before the New Year, it suddenly turned out that there were no whole ducks in the store, only spare parts. A strategic decision was made to take the duck parts and cook them. At home, I became upset that there would be no whole duck, and I tried to reconstruct the duck from the breasts and legs by stitching. At the same time, it turned out that the trays had not two, but three legs, making a total of six of them, five of them being left ones. While I was sewing the duck, I coated it a little with food coloring, which my sister had splashed in the kitchen while she was making gingerbread cookies (they turned out great gingerbread cookies, by the way), and the duck began to look like it was moldy or rotten. I did not tolerate such injustice and filled it all with dye to hide the stains. And then I stuffed her ass with celery and oranges, just because I could.
well, I wanted to bake a duck for New Year. Just before the New Year, it suddenly turned out that there were no whole ducks in the store, only spare parts. A strategic decision was made to take the duck parts and cook them. At home, I became upset that there would be no whole duck, and I tried to reconstruct the duck from the breasts and legs by stitching. At the same time, it turned out that the trays had not two, but three legs, making a total of six of them, five of them being left ones. While I was sewing the duck, I coated it a little with food coloring, which my sister had splashed in the kitchen while she was making gingerbread cookies (they turned out great gingerbread cookies, by the way), and the duck began to look like it was moldy or rotten. I did not tolerate such injustice and filled it all with dye to hide the stains. And then I stuffed her ass with celery and oranges, just because I could.