• 0 Posts
  • 763 Comments
Joined 3 years ago
Cake day: June 16th, 2023


  • Sometimes it just doesn’t pan out.

    Had a junior dev that basically decided he would rather try to grift through instead of doing the job. Never seen someone work so hard at trying not to work at all. Every day it was a different excuse, a different other person to point to as to why he didn’t even try to do anything that day. I think at least 7 or 8 of his grandmothers died during his tenure. And management ate it up.

    Until one day he lost track of things and blamed the manager asking him why things weren’t done. Said the manager never sent him some material and of course the manager had. Suddenly the manager believed the rest of us who had been saying he was lying for the last many months…

    The key was he was cheap and was in theory supposed to be as good as a higher paid alternative, so management would have to admit to being wrong to ditch him…


  • Note that this could prove you have it, but failure to execute does not prove you are secure.

    For example, someone reported to me that their RHEL9 system was not vulnerable based on this result. But it was because python was 3.9 and didn’t have os.splice, so the demonstrator failed, but the actual issue was there.

    Similarly, if ‘/usr/bin/su’ isn’t exactly there (maybe it’s in /bin/su, or in /sbin/su, or /usr/sbin/su, or not there at all), the demonstrator will fail, but the kernel may still have the vulnerability; you just have to select a different victim utility (or change the cache for some other data other than an executable for other effects).
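The point of the comment above is that a proof-of-concept that fails for an unrelated reason tells you nothing. The following is an added example, not code from the comment or from the demonstrator it describes; it only checks the two prerequisites the comment names (an `os.splice` that exists only from Python 3.10 on, and an `su` binary at a hard-coded path) and refuses to turn "the demonstrator failed" into "not vulnerable" when either is missing. The candidate path list and the verdict strings are assumptions of this example.

```python
import os

# Locations the comment mentions for su; the demonstrator hard-codes the first one.
# This list is an assumption of the example, not something the page supplies.
SU_CANDIDATES = ["/usr/bin/su", "/bin/su", "/sbin/su", "/usr/sbin/su"]


def find_victim_binary(candidates=SU_CANDIDATES, exists=os.path.exists):
    """Return the first candidate path that exists, or None.

    `exists` is injectable so the lookup can be tested without touching the
    real filesystem.
    """
    for path in candidates:
        if exists(path):
            return path
    return None


def preflight(has_splice=None, victim=None):
    """List the demonstrator prerequisites that are NOT satisfied on this host.

    has_splice / victim may be passed explicitly (e.g. from a remote inventory);
    when left as None they are probed locally.
    """
    missing = []
    if has_splice is None:
        # os.splice was added in Python 3.10; a 3.9 interpreter lacks it and the
        # demonstrator dies with AttributeError before reaching the kernel.
        has_splice = hasattr(os, "splice")
    if not has_splice:
        missing.append("os.splice unavailable (Python < 3.10)")

    if victim is None:
        victim = find_victim_binary()
    if victim is None:
        missing.append("no su binary at any candidate path")
    return missing


def classify(demonstrator_succeeded, missing):
    """Turn a PoC outcome plus the preflight result into a triage verdict.

    A success is positive proof the kernel issue is present. A failure only
    means something when every prerequisite was in place, and even then it is
    not proof of absence (the issue is in the kernel, not in su).
    """
    if demonstrator_succeeded:
        return "vulnerable"
    if missing:
        return "inconclusive: " + "; ".join(missing)
    return "not reproduced (prerequisites satisfied; still not proof of absence)"


if __name__ == "__main__":
    # Local probe; the demonstrator itself is deliberately not run here.
    gaps = preflight()
    print("prerequisite gaps:", gaps or "none")
    print("verdict if the demonstrator had failed:", classify(False, gaps))
```

Run it on the host before trusting a negative result from the demonstrator: on the RHEL9 system from the comment it reports the missing `os.splice`, so a failed run is filed as inconclusive and the kernel version still has to be checked against the vendor advisory.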



  • Note that this is a rather narrow view of the scope of things.

    Yes, the demonstrator is a python script that opens up ‘su’ and uses splice+this vulnerability to change it to ‘just assume all privileges and become sh’.

    However, it’s that any process in any namespace can leverage a certain socket type and splice to effectively modify any filesystem content they want. It’s easy to see how this could be part of a chained attack to, for example, replace a protected service that is firewalled off with a shell. An RCE in a service permits rewriting nginx in an entirely different container and replacing it with a shell backend of your choosing.

    That ‘flatpak’ application on your single user system that is guarded from touching your files that aren’t related? That isolation doesn’t mean anything if this issue is in play.

    In terms of shared systems, while it should be avoided if possible, practically speaking there’s a lot of shared resources.

    I don’t get why I’ve seen so many people saying “ehh, no big deal, privilege escalation is just a fact of life”.

  • Trump didn’t make the leap to directly say to do that, but he did clearly think that strong lights and disinfectant in the body ‘should be looked into’. He was saved from directly making a terrible recommendation by having some amount of deference for the medical organizations, but did try to show ‘thought leadership’ in a very dumb direction.

    It was not some sort of Stanford spinning up wild concepts, it was Trump taking very obvious things about how we handle these things outside the body and thinking that we would be the first to ask ‘but what about inside the body?’. Yes, he phrased it as a question to be looked into, but he clearly thought there could be something to it.

    About the only credit you can give to first term Trump in this scenario is that he at least ultimately left health issues up to the health departments, even as he groused the whole time.

  • I don’t know what you are getting at; of the people who come over from China and Taiwan that I talk to, no one believes that the two are one “nation” with different opinions on who is the authority. They may believe there’s not a distinct cultural identity, but none think the “no, there’s only one China and only we are the real China” is a thing in practice, just a political formality.

    The ones from China do say they wouldn’t push their luck expressing that publicly, and one went so far as to borrow a computer to log into without any association with them because they were paranoid about using their laptop issued to them with the Chinese employer preload. He wanted to read some Wikipedia the way an American sees it while he was over on business.

    Tangentially, another one from China was super excited to try to get someone to get him a gun to shoot. We did manage to hook him up with a gun range.



  • A guy vibe coded something and said to incorporate it into my work.

    Now it was a feature that people had asked for so I had to try it out.

    It failed 75% of the things it was supposed to do, and for the others, what was usually a near-instant interactive task took 5 minutes. I kicked it back saying he needed to fix the problems and improve performance. At the end of the next day he answered that the infrastructure must be broken because the AI couldn’t get results, and the performance problem was just the nature of the things the software had to interact with. I say “he”, but I’m pretty sure his comment was LLM generated, long and useless.

    But it was the impetus to get that function done now, as his “substantiative” work meant we could technically provide a customer request, lower priority as it may have been. So I spent a morning implementing the same thing it did but the old fashioned way, 100% worked and the unavoidably slow thing took less than a second.