Woah woah woah. Not my gaming box!!!
https://www.securityweek.com/asus-armoury-crate-vulnerability-leads-to-full-system-compromise/
My husband says he just accidentally discovered that in Oblivion Remastered, if you shoot an arrow while sneaking and then hotkey to a dagger before the arrow connects, you get the dagger's much larger sneak attack multiplier.
that's a real Classic of Bug right there
Learned something new again about #SecureCoding: until now #TOCTOU was not a term I knew in #ItSecurity https://www.heise.de/hintergrund/Secure-Coding-CWE-377-TOCTOU-Race-Conditions-in-den-Griff-bekommen-10081613.html
CWE-377 – Insecure Temporary File in Java
In software development, temporary files are often used to store data temporarily during an application’s execution. These files may contain sensitive information or be used to hold data that must be processed or passed between different parts of a program. However, if these temporary files are not managed securely,
https://svenruppert.com/2024/08/21/cwe-377-insecure-temporary-file-in-java/
#Java #SecureCodingPractices #Security #CWE377 #TOCTOU
@lobocode The first hunk is classic #TOCTOU ... you already check whether fopen() succeeds, there's no way to "do better". Between your check with access() and opening with fopen(), anything about the file could change.
(edit: Ok, not "classic", the classic TOCTOU would be omitting the check on fopen() assuming it MUST succeed after checking with access(), which would be plain wrong. Your variant is just a bit of unnecessary code 😉)
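The check-then-use pattern from the reply above, as an added example that is not part of the original post: the access()-then-fopen() variant beside a hardened single open() with O_NOFOLLOW plus fstat() on the descriptor, exercised against a constructed symlink fixture (the directory /tmp and the file names are assumptions).

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* CWE-367 pattern: access() and fopen() are two system calls, so the path can
 * be repointed (for instance at a symlink) in the window between them. */
FILE *open_check_then_use(const char *path)
{
    if (access(path, R_OK) != 0) return NULL;
    /* window: nothing guarantees path still names the object just checked */
    return fopen(path, "r");
}

/* Hardened form: one open() with O_NOFOLLOW refuses symlinks, then fstat()
 * inspects the descriptor actually held instead of re-resolving the path. */
int open_regular_nofollow(const char *path)
{
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) { close(fd); return -1; }
    return fd;
}

/* Constructed fixture in dir (assumed writable): a regular file plus a symlink
 * to it, standing in for the swap that happens inside the window. Returns 1 if
 * check-then-use opened through the symlink while the hardened opener refused
 * it yet still accepted the regular file, 0 otherwise, -1 on fixture failure. */
int symlink_demo(const char *dir)
{
    char reg[512], lnk[512];
    snprintf(reg, sizeof reg, "%s/toctou_demo_regular.txt", dir);
    snprintf(lnk, sizeof lnk, "%s/toctou_demo_link.txt", dir);
    FILE *f = fopen(reg, "w");
    if (!f) return -1;
    fputs("constructed sample\n", f);
    fclose(f);
    unlink(lnk);
    if (symlink(reg, lnk) != 0) { unlink(reg); return -1; }
    FILE *via_link = open_check_then_use(lnk);
    int hard_link = open_regular_nofollow(lnk), hard_reg = open_regular_nofollow(reg);
    int result = via_link != NULL && hard_link < 0 && hard_reg >= 0;
    if (via_link) fclose(via_link);
    if (hard_reg >= 0) close(hard_reg);
    unlink(lnk); unlink(reg);
    return result;
}
```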
#sydbox 3.2.0 is out, #sydbox is the #seccomp and #landlock based application sandbox with support for namespaces written in #rust. starting with this release #sydbox emulates all sandboxing system calls except exec and chdir which means network sandboxing and most of path sandboxing is now completely toctou-free. You think #toctou is an illusion? Here, hold my beer: http://ix.io/4J84 #exherbo #gentoo #sandbox
The Quest to Secure chown and symlinks
https://buildkite.com/blog/paved-with-good-intentions-the-story-of-fix-buildkite-agent-builds-permissions
#ycombinator #Security #TOCTOU #Symlink #chown #chroot_jail #file_permissions
A vulnerability in UEFI firmware that allows code execution at the SMM level
The vulnerability has been confirmed in firmware from Intel, Dell and Insyde Software (the problem is said to affect 8 vendors, but the other 5 have not been disclosed yet). Firmware from AMD, Phoenix and Toshiba is not affected.
The technical details are better read in the original (in my opinion the translation is slightly inaccurate):
https://kb.cert.org/vuls/id/434994
A race condition involving the access and validation of the SMRAM can be achieved using DMA timing attacks that rely on time-of-use (TOCTOU) conditions. An attacker can use well-timed probing to try and overwrite the contents of SMRAM with arbitrary data, leading to attacker code being executed with the same elevated-privileges available to the CPU (i.e., Ring -2 mode). The asynchronous nature of SMRAM access via DMA controllers enables the attacker to perform such unauthorized access and bypass the verifications normally provided by the SMI Handler API.
Everyone affected had better update:
To block the problem, Linux users are advised to update the firmware via the LVFS (Linux Vendor Firmware Service) using the fwupdmgr utility (fwupdmgr get-updates; fwupdmgr update) from the fwupd package.
Does anyone know why we have exactly 3 standard IO streams (stdin, stdout, stderr)?
It's not like we still need to use real TTYs.
We could have used at least a few extra inherited streams, especially when using pipes or opening child processes. I need one for improving #a11y and security.
There once was a #POSIX proposal to add an extra opt-in file descriptor for defending against #TOCTOU attacks, that's all I found. But the reference is broken, and it's late here.
https://en.wikipedia.org/wiki/File_descriptor#Upcoming_operations