In the same way that Linux and containers have become the foundation of modern application development, Enhanced Berkeley Packet Filter (eBPF) has become the de facto technology for observability—and therefore security—for Linux and containers....
BlueRock.io's activity
Most relevant activity
-
I have added #OmniOS and #Windows autounattend.xml support to the *agine.sh parts of #OccamBSD: https://lnkd.in/ga5NynCM #FreeBSD #Debian
GitHub - michaeldexter/occambsd: An application of Occam's razor to FreeBSD
github.com
-
Critical Vuln Alert: Backdoor found in XZ utils (CVE-2024-3094). On March 29th it was revealed that a malicious actor planted a backdoor in the Linux software library (liblzma), part of the widely used XZ utils package. This could potentially allow unauthorized access to systems. Learn more about the XZ backdoor (CVE-2024-3094) and how to protect yourself in this recent blog post from Snyk's Liran Tal. https://snyk.co/ugLd4 #SecurityAlert #vulnerability
The XZ backdoor CVE-2024-3094 | Snyk
snyk.io
-
kotest - tool to check references to/from #linux #lkm discardable sections part1: https://lnkd.in/eKC6MZHv part2: https://lnkd.in/eudHtgJT part3: https://lnkd.in/ecdWcCdN
kotest
redplait.blogspot.com
-
If you're involved in software development, you can't afford to miss this. The XZ Backdoor is the latest potential nation-state attempt to infiltrate software supply chains and the open-source ecosystem. A prolonged, high-stakes campaign was carried out to plant a backdoor in the Linux software library liblzma, which gained access to multiple operating systems via Linux distributions. The campaign was successful until a curious engineer noticed a glitch. Learn more about the XZ Backdoor and how Snyk can help proactively protect you in similar situations. #softwaresupplychain #opensourcesecurity #developersecurity Read more: https://lnkd.in/ewBx-5tx
The XZ backdoor CVE-2024-3094 | Snyk
snyk.io
-
A backdoor in xzutils has been making waves in the Linux community as companies like Red Hat warn users to downgrade their packages if they're on affected versions. I wanted to take a deeper dive and look into how the exploit works and how it was even introduced into the release tarballs to begin with. You can find my analysis of the situation here > https://lnkd.in/g_x55C88
An analysis of the XZ Utils backdoor (CVE-2024-3094)
jovantanyk.dev
-
One use case for cgroupv2 is to prevent "rogue" processes from setting your host on fire. This time we will have a look at the cpuset controller #linux #cgroupv2
Cgroupv2 cpuset part 1
alfredtso.substack.com
-
Status update on GCC security features for the Linux kernel - Qing Zhao. Multiple security features for the Linux kernel have been added into GCC releases since GCC11, including "zero call-used registers at return" (GCC11), "stack variables auto-initialization" (GCC12), "treating flexible array members in a stricter way" (GCC13), etc. These features have been actively used by the Linux kernel to improve its security for several years. In this talk, we will focus on several of the most recent features in this area (in GCC14 and GCC15).

First, I provide a status update on the task list of most-wanted security features for the Linux kernel from last year. The first group includes several items relating to flexible array members (FAM), such as supporting "structures with FAM nested in other structures", supporting "FAMs in unions", and "a new attribute counted_by for FAMs". All these items are finished and committed into GCC14 and GCC15. The second group includes items that reduce false positive warnings for -Warray-bounds. Most of the items are fixed; one item has been further discussed and agreed on: instead of a GCC false positive, it is a real kernel bug, and a kernel patch has been submitted to fix it. At the same time, GCC needs general improvement in this area to provide more context information to users when issuing warnings; the GCC work is ongoing. The third group includes several items about arithmetic overflow protection, including new unsigned overflow detection, improvement to signed integer overflow handling, etc. There has been some more discussion in this area but not much real progress; Clang has made bigger progress here, and GCC might need to catch up. The last group is kernel control flow integrity (KCFI), which is a big but important security feature, wanted badly by the Linux kernel. More discussion, but no real progress yet.

Then more details are given on multiple interesting items that have been done within this year or are ongoing right now: the implementation of the counted_by attribute for FAM in GCC15; extending the counted_by attribute to pointers inside structures or pointer arguments of a call; and improving GCC diagnostics to provide more hints about compiler code duplication to the end user, to help users locate the error accurately in their code. The talk concludes with a sketch of future work and further improvement in this area. https://lnkd.in/eUvPdJdD
Q. Zhao: Status update on GCC security features for the Linux kernel - GNU Tools Cauldron 2024
https://www.youtube.com/
-
Exploiting the NT Kernel in 24H2: New Bugs in Old Code & Side Channels Against KASLR https://lnkd.in/g7NUh4cS #exploit #windows #github #cve #ntkernel
Exploiting the NT Kernel in 24H2: New Bugs in Old Code & Side Channels Against KASLR
exploits.forsale
-
https://lnkd.in/dTEf3MtW
- Kill processes
- Change protection levels
- Elevate any process token to SYSTEM
- Enumerating and erasing kernel callbacks
- Protecting the driver file
- Hide Process by PID
Learning about Windows #rootkit lately, so here is my own implementation of some techniques. For an overview, see Features below.
GitHub - eversinc33/Banshee: Experimental Windows x64 Kernel Rootkit.
github.com
-
New universal Linux kernel LPE - cries in dirty cow - https://lnkd.in/dU4UsAdQ
Flipping Pages: An analysis of a new Linux vulnerability in nf_tables and hardened exploitation techniques
pwning.tech