#atop — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #atop, aggregated by home.social.
-
CVE Alert: CVE-2026-3823 - Atop Technologies - EHG2408 - https://www.redpacketsecurity.com/cve-alert-cve-2026-3823-atop-technologies-ehg2408/
#OSINT #ThreatIntel #CyberSecurity #cve-2026-3823 #atop-technologies #ehg2408
-
CVE Alert: CVE-2026-3823 - Atop Technologies - EHG2408 - https://www.redpacketsecurity.com/cve-alert-cve-2026-3823-atop-technologies-ehg2408/
#OSINT #ThreatIntel #CyberSecurity #cve-2026-3823 #atop-technologies #ehg2408
-
CVE Alert: CVE-2026-3823 - Atop Technologies - EHG2408 - https://www.redpacketsecurity.com/cve-alert-cve-2026-3823-atop-technologies-ehg2408/
#OSINT #ThreatIntel #CyberSecurity #cve-2026-3823 #atop-technologies #ehg2408
-
CVE Alert: CVE-2026-3823 - Atop Technologies - EHG2408 - https://www.redpacketsecurity.com/cve-alert-cve-2026-3823-atop-technologies-ehg2408/
#OSINT #ThreatIntel #CyberSecurity #cve-2026-3823 #atop-technologies #ehg2408
-
CVE Alert: CVE-2026-3823 - Atop Technologies - EHG2408 - https://www.redpacketsecurity.com/cve-alert-cve-2026-3823-atop-technologies-ehg2408/
#OSINT #ThreatIntel #CyberSecurity #cve-2026-3823 #atop-technologies #ehg2408
-
The updated news is that atopgpud's TCP service, that I mentioned, is indeed one problem.
https://github.com/Atoptool/atop/issues/334
It does beg the question of why it uses TCP at all, when an AF_LOCAL socket in /run/atop/ or something is more in line with its other data-collection service.
-
Far from the only problem with atopgpud.
-
However, note that someone else has run xyr own code checker on atop in the meantime and claims to have found a problem nonetheless.
-
I saw it, and I agree with people's response to "This is not the way to do this.", which was: "Then why did you do it that way, then?"
-
I've just installed #atop on #sydbox #ctf server in case people want to explore exploiting the recent heap corruption. I don't trust jia tan enough to leave atop.service running as root though so the attack vector is limited. Sail with #ssh to syd.chesswob.org (user/pass: syd) or go to https://syd.chesswob.org although the #nodejs client is a bit more limited. See here for the #security issue, https://www.openwall.com/lists/oss-security/2025/03/26/2 (tl;dr uninstall #atop asap!) and here for #sydbox #ctf https://ctftime.org/event/2178
-
There's a whole bunch of dodgy stuff, from atopgpud to code that assumes that it can blat a NUL and then call strcpy().
See thread at
https://social.chatty.monster/@losttourist/114229385233902820 -
People who wrote their system tools with safe string libraries such as DJB's, skalibs, or even just C++'s std::string automatically suspect such tries-to-be-clever-with-NULs code.
At the bare minimum, tag the SPC onto the destination buffer & don't touch the (possibly only 1) NUL-terminated source buffer. But better yet, don't do it that way at all.
But there are so many other poor practices in that software, including the aforementioned atopgpud TCP server.
-
These things when undisclosed are usually almost never reflected in GitHub.
I looked at the code yesterday, and, from inspection only, my suspicion immediately landed on photoproc.c .
There's some dodgy C trickery going on there that I wouldn't put past having some edge cases.
Assuming (wrongly) that a string is doubly-NUL terminated (not guaranteed by getdelim()), blatting the first NUL with a SPC and then calling strcpy() is just one such suspect case.
-
-
There are a lot of potential vulnerability loci.
It could even be a privacy thing. Arch users get the whole package, which includes an atopgpud that sends GPU statistics over TCP out to anyone who asks, and has no connection limiting or transaction timeout capabilities. (This isn't packaged in Debian.)
-
My educated guess is the kernel module or the dæmon having some serious problem. The command-line tool isn't set-UID, as far as I can see. (I'm just going off the package install recipes. I don't have it installed.)
-
@catsalad @puppygirlhornypost2 @Emily
Also note that there are different #atop packages around.
-
Might be excessive.
The #atop used in #FreeBSD is a different one to the one used by Linux distributions (& #NetBSD/#OpenBSD have no atop in ports/packages at all).
FreeBSD sysutils/atop in the ports tree uses a FreeBSD codebase maintained by Alex Samorukov. It has no kernel module/atopacctd.
https://freshports.org/sysutils/atop/
https://github.com/samm-git/atop-freebsd
Arch/Debian instead track Gerlof Langeveld's atoptool, which has a kernel module/BPF hooks & an atopacctd.
-
-
Im not uninstalling #atop from the hospital servers until I get a proper reason.
#Linux #SysAdmin #Servers #Server #Hosting #Top #ProcessMonitor #Monitoring
-
-
You might want to stop running atop
https://rachelbythebay.com/w/2025/03/25/atop/
#HackerNews #You #might #want #to #stop #running #atop #HackerNews #TechNews #WebDevelopment #SoftwareEngineering #Programming
-
@nixCraft I don't. But I do love atop or, as I like to call it, the ultimate consultant tool…
-
Today in clouds. A brilliant 22° solar halo earlier this afternoon and pleasant dark (slightly lenticular) clouds obscuring the sun this evening 😀
#clouds #sky #iphoneograpy #Perthshire #Scotland #atop #atmosphericoptics #solarhalo
-
Today in clouds. A brilliant 22° solar halo earlier this afternoon and pleasant dark (slightly lenticular) clouds obscuring the sun this evening 😀
#clouds #sky #iphoneograpy #Perthshire #Scotland #atop #atmosphericoptics #solarhalo
-
Today in clouds. A brilliant 22° solar halo earlier this afternoon and pleasant dark (slightly lenticular) clouds obscuring the sun this evening 😀
#clouds #sky #iphoneograpy #Perthshire #Scotland #atop #atmosphericoptics #solarhalo
-
Today in clouds. A brilliant 22° solar halo earlier this afternoon and pleasant dark (slightly lenticular) clouds obscuring the sun this evening 😀
#clouds #sky #iphoneograpy #Perthshire #Scotland #atop #atmosphericoptics #solarhalo
-
Today in clouds. A brilliant 22° solar halo earlier this afternoon and pleasant dark (slightly lenticular) clouds obscuring the sun this evening 😀
#clouds #sky #iphoneograpy #Perthshire #Scotland #atop #atmosphericoptics #solarhalo
-
Dramatic (and interestingly shaped) clouds seen during this afternoon's thunderstorms at Findhorn Bay.
Also quite nice light and crepuscular rays through the clouds whilst driving back homeward :)#moray #scotland #thunderstorm #clouds #dramatic #stormchasing #light #atop #crepuscularrays #fujixh2 #convective #weather #convectiveweather #wx
-
Can't remember seeing a solar halo in February before, but there we are... 😀
-
@schnedan soweit ersichtlich bietet glances von Haus aus keine Historie.
Wenn man also ein historisches System-Ereignis analysieren will, müsste man dies selbst erledigen und mit dem glances-Export ein CSV oder eine InfluxDB füttern, um sie dann mit einem weiteren Tool wieder zu visualisieren.
#atop + #atopsar-plot liefern das schon mit, und das ohne Konfiguration.
-
Wir haben außerdem dafür das Addon atopsar-plot geschrieben, das die Historie grafisch aufbereitet. So lässt sich der Zeitraum des Geschehens eingrenzen und später mit atop im Detail analysieren.
https://github.com/Atoptool/atop
https://codeberg.org/mgellner/atopsar-plot
[2/2]
-
Another impressively bright and colorful solar halo at lunchtime today
-
As complete 22º solar halos go, this is perhaps the clearest and most colourful I’ve seen. Pretty awesome stuff from this morning.
#solarhalo #sky #cirruscloud #perthshire #scotland #atop #nofilter #photography
-
I looked up. Stopped. Reached for … all the cameras at once.
22º solar halo and upper tangent arc (possibly a parhelic circle as well?) this afternoon.
Wow.
#solarhalo #atmosphericoptics #atop #midlothian #photography #darktable #sky