phil

@bieberium@infosec.exchange
46 Followers
209 Following
8.4K Posts

IETF RFC1925:

With sufficient thrust, pigs fly just fine. However, this is not necessarily a good idea. [...]

Pronouns: He / Him
Location: Central Germany
Profession: Security minded AD & Entra ID admin
Bookwyrm: https://books.infosec.exchange/user/bieberium
Twitter (archival data): https://twitter.com/bieberium
Twittodon (archival data): https://twittodon.com/share.php?t=bieberium&m=bieberium%40infosec.exchange
W021 – Flammable material

Image source: https://commons.wikimedia.org/wiki/File:ISO_7010_W021.svg
Author: Wikimedia Commons user MaxxL
Public domain

After closing the weekend's four new #curl security reports as not applicable, we have now received **thirty-three** submissions since the last confirmed genuine one. Thirty-three ones that were not security problems. (A few of them were proper bugs though.)

I don't think we are ready to make the call just yet, but I suspect our bug bounty's days are numbered.

Counter-intuitive but apparently correct. London sports an oceanic climate with regular drizzle which makes it feel more QUALITATIVELY 'rainy'. But other regions suffer more intense bouts of thunderstorms & rainfall esp. which creates more QUANTITY of actual rain water.

(by Instagram user @loverofgeography AKA Jordi Savell)

Finally a useful magic quadrant

Thanks to @wendynather for the discovery.

#cybersecurity #vulnerability

#KungFu knight. Le livre de Lancelot du Lac and other Arthurian Romances, Northern France 13th century. Beinecke Rare Book & Manuscript Library, MS 229, fol. 326r.
#medieval #MedievalArt
Now that we all understand tariffs a little better, the plot of Phantom Menace makes more sense.

I wanna record an audiobook that's 8 hours of breathing and page turning.

Then just "Oh, you mean out loud?" right at the end.

Which animal with a trunk is very, very tired?
.
.
.
.
.
.
.
Pennjamin Blümchen
It's funny because it's true
What option should I pick

https://github.com/ubuntu/authd/security/advisories/GHSA-g8qw-mgjx-rwjr

When a user who hasn't logged in to the system before (i.e. doesn't exist in the authd user database) logs in via SSH, the user is considered a member of the root group in the context of the SSH session. That leads to a local privilege escalation if the user should not have root privileges.
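Added example (not authd's code and not from any poster in this thread): a Go model of the failure mode the advisory describes. A temporary user record is built for a user who is not yet in the local database, its GID field is never set, so it falls to Go's zero value, 0, which is the root group. Beside it is the hardened shape: start from a safe default group and validate the record before it is ever handed back to a lookup. The `PasswdEntry` type, `NogroupGID` (65534, the Debian/Ubuntu convention for `nogroup`) and all function names are assumptions for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// PasswdEntry models the fields an NSS passwd lookup hands back.
// Illustrative type, not authd's own.
type PasswdEntry struct {
	Name  string
	UID   uint32
	GID   uint32
	Home  string
	Shell string
}

// NogroupGID is the GID of "nogroup" on Debian/Ubuntu (65534).
// Assumed here as the safe default for a record that has no real primary group yet.
const NogroupGID uint32 = 65534

// ErrPrivilegedID is returned for any non-root record that would land in UID 0 or GID 0.
var ErrPrivilegedID = errors.New("refusing to return a non-root user record with UID 0 or GID 0")

// tempUserUnsafe reproduces the bug pattern: the GID field is simply never assigned,
// so the struct's zero value (0 == root group) is what the caller receives.
func tempUserUnsafe(name string, uid uint32) PasswdEntry {
	return PasswdEntry{
		Name:  name,
		UID:   uid,
		Home:  "/home/" + name,
		Shell: "/bin/bash",
	}
}

// newTempUser is the hardened variant: the record starts from a harmless group
// and is validated before it is returned, so a later logic slip cannot hand out GID 0.
func newTempUser(name string, uid uint32) (PasswdEntry, error) {
	e := PasswdEntry{
		Name:  name,
		UID:   uid,
		GID:   NogroupGID,
		Home:  "/home/" + name,
		Shell: "/bin/bash",
	}
	if err := validateEntry(e); err != nil {
		return PasswdEntry{}, err
	}
	return e, nil
}

// validateEntry rejects any record that would give a non-root account UID 0 or
// root-group membership. Only the real root account may legitimately carry 0/0.
func validateEntry(e PasswdEntry) error {
	if e.Name != "root" && (e.UID == 0 || e.GID == 0) {
		return ErrPrivilegedID
	}
	return nil
}

// grantsRootGroup reports whether a session built from this record would be in GID 0.
func grantsRootGroup(e PasswdEntry) bool {
	return e.GID == 0
}

func main() {
	bad := tempUserUnsafe("alice", 1001)
	fmt.Printf("unsafe record: %+v  in root group: %v\n", bad, grantsRootGroup(bad))

	good, err := newTempUser("alice", 1001)
	if err != nil {
		fmt.Println("hardened record rejected:", err)
		return
	}
	fmt.Printf("hardened record: %+v  in root group: %v\n", good, grantsRootGroup(good))
}
```

The point of the `validateEntry` step is the one raised further down the thread: a safe initial value alone still leaves every code path that builds a record free to assign 0 by mistake, so the check belongs at the boundary where the record leaves the module, not only in the constructor.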

@cR0w There’s TOFU and there’s TOFU
@cR0w but Mark Shuttleworth only hires the finest high school valedictorians after a 12 month hazing process posing as an interview!

@rootwyrm @cR0w from the team that created the new image of WVWA, Pound Ridge, New York.

https://www.youtube.com/watch?v=hsHYp4k7fFw

NINE! - WVWA Pound Ridge, New York

@cR0w No way this is "moderate" lmao, how is an LPE C:L/I:L/A:N?
@cR0w I love how they're downplaying this. It's obviously C:H/I:H/A:H, but of course they're not admitting to that.
@cR0w
PAM - 1001 ways to shoot yourself in the foot.
@cR0w Lol, ubuntu-authd was defaulting to gid 0.
@cR0w And it seems like https://github.com/ubuntu/authd/commit/619ce8e55953b970f1765ddaad565081538151ab does not fix the value it gets initialized to (ought to be something like nogroup) but only addresses the logic error.

So "0 days since last ubuntu-authd tripped and gave too much privileges"
Fix new users logging in via SSH being part of the root group · ubuntu/authd@619ce8e

The temporary user record we returned in the pre-auth NSS request did not have a GID set, so it defaulted to GID 0 (the ID of the root group). Turns out the user is actually considered part of that...


@lanodan @cR0w it does.

There's no other way the user group can be initialized, unless you know the code better.

@3v1n0 @cR0w There's a difference between initializing a struct to safe values when it's declared, and ending up going through /current/ branches to see if it can fail.
@lanodan @cR0w well, we may have wrapped it into function helpers doing the same, but it's not really changing much imho.
This is the one thing we DIDN'T want to happen.

@cR0w I love a disposable root shell
@cR0w I like the workaround, "do not use this software". A beautiful universally applicable workaround for any vulnerability.
@f4grx @cR0w yoooo....!
@kkarhan @cR0w I have no idea who is the character on this gif, but I found her fun, saved it, and today is the perfect occasion to repost her 😁
Half-Life 2 but it's Kizuna AI


@kkarhan @cR0w oh noooo lol

Edit: ok despite the name this has nothing to do with modern LLMs, it's more a VR avatar like Hatsune Miku.

@f4grx @cR0w but remember! Everyone saying systemd and snaps and authd are all terrible fucking ideas by terrible fucking people who continually and repeatedly demonstrate forcefully they have no fucking clue is just a hater and wrong!

Also don't point out that sssd identified this as a possible issue... well, was before $jobF so at least 10 years or so?

@rootwyrm @f4grx @cR0w what does systemd have to do with canonical's utter bullshit again
@cR0w Canonical is truly a gift that keeps on giving
@cR0w The hivis and clipboard of invisibility aren't meant to get you C-suite permissions!
@cR0w if only there was a better systems programming language that this stuff could be written in that would avoid these sort of errors. Hypothetically it would be ideal for this sort of security sensitive project :(
@cR0w @yomimono Luckily, there's a simple fix for this. Just give all users root privileges, and then the behavior will be correct and the privilege escalation bug goes away.
@angusm @cR0w @yomimono ah, I see you're familiar with modern DevOops.

@angusm @cR0w @yomimono

I know you make a joke here but I worked at a Fortune 50 company that basically did this to reduce help desk call volume.

Spectacular.

@cR0w ::blinks repeatedly::

Wut

@cR0w at least it's not in something fundamentally core to the function of the network-connected OS...

Oh fuck off.

@cR0w why would anyone run ubuntu over Debian, like for real?
@cR0w sure hope everybody has properly configured service users without login shells!
@cR0w
David Attenborough voice:
"As a sign of cooperation, the wild server offers a reciprocal 'root on first use' to the user's 'trust on first use'..."

@cR0w this is even more hilarious than the cryptography bug my partner found last year https://github.com/ubuntu/authd/security/advisories/GHSA-4gfw-wf7c-w6g2

That one at least had subtlety

Attacker-controlled usernames yield controllable UIDs

CVE description: Authd, through version 0.3.6, did not sufficiently randomize user IDs to prevent collisions. A local attacker who can register user names could spoof another user's ID and gain ...


@cR0w

It's called "wheel", damn it!

One has to love the push to using zero initialization so that programs always give you privileged group membership instead of membership of whatever random group ID number happened to be on the stack.

Security by uninitialized variable.

(-:

#FreeBSD #NetBSD #OpenBSD

@cR0w pity there wasn't some kind of daemon running that could take care of root thingys for SSH.
Thread by @spendergrsec on Thread Reader App

@spendergrsec: Vibe coding has no place in Linux kernel maintenance. The vulnerability inserted into 5 LTS kernels at once apparently without any review is yet another instance of AUTOSEL fallout, here with the "new...…

@buherator @cR0w how else are we going to get companies to pay maintenance fees for free software?

@cR0w @GossiTheDog thanks for the heads up! Luckily I never felt the need to SSH via cloud login and don't have authd installed (only ed25519 keys for me.)

But crazy to see it downplayed so - Completely counter to the trust needed in the authentication space.

@cR0w Am I reading this right that any random Joe logging into a computer remotely via the internet would have instant right to do whatever they pleased with said computer, like deleting files willy nilly? If so, then God damn
@sapphicselene AFAICT you would already need an account on the target system, just not a privileged one.
@cR0w this might go back all the way to the start of systemd
@cR0w how tf this is considered "moderate" is beyond me.
@cR0w Canonical QA tester: ssh login works ✅