home.social

#capsudo — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #capsudo, aggregated by home.social.

  1. the #dirtyfrag exploit does not run successfully on alpine because the path to the donor SUID binary is hardcoded as /usr/bin/su.

    changing that to /bin/bbsuid allows the exploit to run, but it hangs for me on linux-lts 6.18.27.

    interestingly, openpax kernels kill the exploit early in the exploit chain.

    either way, 6.18.28 fixes it for everyone.

    but it goes to show the danger of #SUID binaries and why SUID-less solutions like #capsudo are important.

    #alpinelinux

  2. the #dirtyfrag exploit does not run successfully on alpine because the path to the donor SUID binary is hardcoded as /usr/bin/su.

    changing that to /bin/bbsuid allows the exploit to run, but it hangs for me on linux-lts 6.18.27.

    interestingly, openpax kernels kill the exploit early in the exploit chain.

    either way, 6.18.28 fixes it for everyone.

    but it goes to show the danger of #SUID binaries and why SUID-less solutions like #capsudo are important.

    #alpinelinux

  3. the #dirtyfrag exploit does not run successfully on alpine because the path to the donor SUID binary is hardcoded as /usr/bin/su.

    changing that to /bin/bbsuid allows the exploit to run, but it hangs for me on linux-lts 6.18.27.

    interestingly, openpax kernels kill the exploit early in the exploit chain.

    either way, 6.18.28 fixes it for everyone.

    but it goes to show the danger of #SUID binaries and why SUID-less solutions like #capsudo are important.

    #alpinelinux

  4. the #dirtyfrag exploit does not run successfully on alpine because the path to the donor SUID binary is hardcoded as /usr/bin/su.

    changing that to /bin/bbsuid allows the exploit to run, but it hangs for me on linux-lts 6.18.27.

    interestingly, openpax kernels kill the exploit early in the exploit chain.

    either way, 6.18.28 fixes it for everyone.

    but it goes to show the danger of #SUID binaries and why SUID-less solutions like #capsudo are important.

    #alpinelinux

  5. the #dirtyfrag exploit does not run successfully on alpine because the path to the donor SUID binary is hardcoded as /usr/bin/su.

    changing that to /bin/bbsuid allows the exploit to run, but it hangs for me on linux-lts 6.18.27.

    interestingly, openpax kernels kill the exploit early in the exploit chain.

    either way, 6.18.28 fixes it for everyone.

    but it goes to show the danger of #SUID binaries and why SUID-less solutions like #capsudo are important.

    #alpinelinux

  6. #capsudo 0.1.1 has been released!

    distfiles.ariadne.space/capsud

    If you are on Alpine edge and have testing packages enabled, you can install capsudo from there and then start the capsudo service.

    If you want password authentication, use the capsudo-pwauth service which will challenge the capsudo client to provide your password, otherwise there is no authentication at all.

    the tl;dr: capsudo is essentially sudo, but done with object capabilities instead of an SUID binary.

    My blog last month explains the theory side of it and how you can use object capabilities to stitch all sorts of interesting things together without the need of a complex policy engine.

    Part 2 of the series will land sometime this weekend... and then finally after that we will get to the chapter the Hacker News and Lobsters people wanted to skip to after that.

    If someone wants to send me the bits to make this all work with systemd, that would also be great, but as I don't use systemd, I would have to otherwise guess.

  7. next stream will be tomorrow, we will be hacking on #capsudo!

    i was thinking about streaming today, but i'm not in the mood given current events