This is next-level infosec shitposting:

"It is the FreeBSD analogue of Linux's Dirty Pipe, CopyFail, Fragnesia, and Dirty Frag — except we gave it a BETTER name, with a BETTER logo, on a BETTER website. The other bug websites? Disasters. Sad. Many people have told us this."

https://bumsrake.de/
#CVE202645257

BUMSRAKETE™ — The Most Beautiful, Most Tremendous FreeBSD Vulnerability In The History Of Computing. BELIEVE ME.

BUMSRAKETE is a HUGE, TREMENDOUS, MANY-PEOPLE-ARE-SAYING FreeBSD kTLS-RX page-cache write primitive. The BEST primitive. Some say the best ever.

@jrt This is art
"📛 WHY "BUMSRAKETE"? 📛

"Bumsrakete" is a German colloquial term whose dictionary translation would land somewhere between "bang-rocket" and "sketchy DIY firework that might also be a weapon." It is roughly the energy a senior kernel engineer projects when they read the diagram on this page for the first time.

We considered other names. We thought about them. Tremendous thought.

"DirtyDMAP" — too on-the-nose.

"sendfail" — taken in spirit by every other prior art bug.

"kTLSenburst" — pronounceable only by Germans, which felt wrong.

"DMAPSTREAM" — sounds like a Netflix show.

"AESHOLE" — vetoed by the design committee, which is me, who then unvetoed it, then re-vetoed it.

BUMSRAKETE™ won because (a) it is funny in two languages, (b) it accurately predicts the trajectory of any process that holds a file descriptor while running this exploit, and (c) the logo design with a rocket basically wrote itself."

@jrt They could have just said: encapsulation had been violated within the direct-map via an unprivileged socket option. The meat of the bug is to do with the kernel direct-map exposure: the AES-GCM ciphering and payload output buffers are not the problem. Key management and storage clearly are; encapsulation needs to take place in another form. I wouldn't go all-in on "It should be done in an seL4 microkernel" yet though; but it seems like a nice use case for putting keys in an enclave.
@jrt But actually describing what had happened wouldn't have driven "engagement" now, would it? /s I'm now skeptical of the reporter for this reason. Pretty sure Glebius must be aware of it. It is a nice dig of sorts given FreeBSD utterly kicks Linux to the kerb at sendfile() with TLS for high throughput applications by way of being performant and functional, though, thanks to the Netflix guys, so I appreciate the intellectual nature of the joust.
@bms48 Joust with jest is a knightly tradition.
@jrt "Shitposting" is an anagram of "Top Insights" - many people say that. Beautiful anagram. One of the best.
@greg @jrt Almost as good as the anagram of "Banach Tarski"
@jrt “AESHOLE”… Nice :)
@jrt Oh my god my sides, god tier shitposting holy damn

@jrt Also, the "SRAKE" part can be read as a variant of the rude word for "ass" used in Ukrainian and (less frequently) Russian.

@rnd @jrt "Bumsrakete" literally translates to "fuck rocket" in German (slang).
@rnd @jrt But tbh I don't really understand why we need to give security vulnerabilities fancy names and websites.

@jrt I really like how the flashing red and yellow box with the 💥 on it causes all the text below it to shift up and down by 2 lines every second on mobile browser.

12/10: The greatest. Would read about exploit again.

@jrt It reads like a Trump tweet.
@jrt Oof. I can deal with the Comic Sans, the Trumpspeak, and even the uncomfortably rotated text, but the color scheme makes it really tough to focus on the real content 😅
@jrt why is the webpage a mix of GeoCities written in a way how Trump speaks? 😨
@ppxl @jrt your comment made me read the page.
@jrt I love this a lot. Never read an exploit report that I enjoyed this much. Extra points for the "merchandise".
@jrt @hb9dqm Looks like m0n0wall is unaffected. 🤭