this post was submitted on 01 Jul 2024
32 points (97.1% liked)


Regression in signal handler.

This vulnerability is exploitable remotely on glibc-based Linux systems, where syslog() itself calls async-signal-unsafe functions (for example, malloc() and free()): an unauthenticated remote code execution as root, because it affects sshd's privileged code, which is not sandboxed and runs with full privileges.
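The handler pattern the post describes, shown beside the usual fix, as an added C example that is not part of the original post or of sshd's code. The SIGALRM trigger, the function names and the log message are assumptions made for the demo.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <string.h>
#include <syslog.h>

/* Unsafe pattern (for contrast, never installed here): syslog() may call
 * malloc()/free(); a signal that lands while the interrupted code is inside
 * the allocator makes the handler re-enter it on inconsistent heap state. */
void unsafe_timeout_handler(int sig)
{
    (void)sig;
    syslog(LOG_INFO, "login timed out (constructed message)"); /* unsafe */
}

/* Safe pattern: the handler only stores to a volatile sig_atomic_t flag. */
static volatile sig_atomic_t timeout_pending = 0;

static void safe_timeout_handler(int sig)
{
    (void)sig;
    timeout_pending = 1;
}

/* Install the flag-only handler for SIGALRM; returns 0 on success. */
int install_safe_handler(void)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = safe_timeout_handler;
    sigemptyset(&sa.sa_mask);
    return sigaction(SIGALRM, &sa, NULL);
}

/* Runs in normal (non-signal) context and does the logging the handler
 * deferred. Returns 1 if a timeout was pending and got logged, else 0. */
int drain_timeout(void)
{
    if (!timeout_pending)
        return 0;
    timeout_pending = 0;
    syslog(LOG_INFO, "login timed out (constructed message)"); /* safe here */
    return 1;
}

int main(void)
{
    if (install_safe_handler() != 0) return 1;
    raise(SIGALRM);                 /* constructed trigger for the demo */
    return drain_timeout() == 1 ? 0 : 1;
}
```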

refalo 2 points 4 months ago (1 children)

seems to work fine in C and I can find quite a bit of examples of it being used actually

towerful 1 points 4 months ago

Oh, I can't find any examples. What are you searching for?
The closest I can find is an old hlsl offhand comment showing the syntax in isolation, but no example.
https://stackoverflow.com/a/29689866