smx-smx

XZ Backdoor symbol deobfuscation. Updated as i make progress

shafik

What is the Strict Aliasing Rule and Why do we care?

(OR Type Punning, Undefined Behavior and Alignment, Oh My!)

What is strict aliasing? First we will describe what is aliasing and then we can learn what being strict about it means.

In C and C++ aliasing has to do with what expression types we are allowed to access stored values through. In both C and C++ the standard specifies which expression types are allowed to alias which types. The compiler and optimizer are allowed to assume we follow the aliasing rules strictly, hence the term strict aliasing rule. If we attempt to access a value using a type not allowed it is classified as undefined behavior(UB). Once we have undefined behavior all bets are off, the results of our program are no longer reliable.

Unfortunately with strict aliasing violations, we will often obtain the results we expect, leaving the possibility the a future version of a compiler with a new optimization will break code we th

dloman

### BEGIN INIT INFO
# Provides: Xvfb
# Required-Start: $local_fs $remote_fs
# Required-Stop:
# X-Start-Before:
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Loads X Virtual Frame Buffer
### END INIT INFO

kyrylo

Constant lookup in Ruby can happen lexically or through the ancestry tree of the receiver(a class or module). You can identify which lookup rules are being applied by the context you're in or by the syntax being used to define a class or module.

A class body that is defined as class A::B::C; …; end will lookup constants through the ancestry tree when a constant is evaluated in its class body. Anytime you see A::B::C being used as syntax to define a class or lookup the value of a constant the ancestry tree is being used for the lookup.

rgreenjr

-- show running queries (pre 9.2)
SELECT procpid, age(clock_timestamp(), query_start), usename, current_query 
FROM pg_stat_activity 
WHERE current_query != '<IDLE>' AND current_query NOT ILIKE '%pg_stat_activity%' 
ORDER BY query_start desc;

-- show running queries (9.2)
SELECT pid, age(clock_timestamp(), query_start), usename, query 
FROM pg_stat_activity 
WHERE query != '<IDLE>' AND query NOT ILIKE '%pg_stat_activity%' 

peo3

#!/bin/sh

# Setup a rootfs of Fedora 15 for libvirt lxc
# 
# The rootfs is based on http://download.openvz.org/template/precreated/fedora-15-x86_64.tar.gz
# 
# See also
# - http://www.mail-archive.com/lxc-users@lists.sourceforge.net/msg01707/lxc-fedora.in

if [ $# != 1 ]; then

berngp

//grails-app/conf/JMSSpringBeans.groovy

import grails.util.Environment
import org.apache.activemq.spring.ActiveMQConnectionFactory
import org.springframework.jms.connection.SingleConnectionFactory
import grails.util.Environment
import org.apache.activemq.spring.ActiveMQConnectionFactory
import org.springframework.jms.connection.SingleConnectionFactory

beans {

jordansissel

snack(~) % rm /tmp/flag
snack(~) % echo "Hello" > /tmp/original
snack(~) % sudo puppet apply unmanaged-notify.pp
notice: /Stage[main]//File[/tmp/flag]/ensure: defined content as '{md5}09f7e02f1290be211da707a266f153b3'
notice: /Stage[main]//Exec[hello world]: Triggered 'refresh' from 1 events

# Won't exec 'hello world' again because no change occured to /tmp/original:
snack(~) % sudo puppet apply unmanaged-notify.pp

# Now change /tmp/original: