buy an ad, homosexual
also, why do you morons keep posting videos to random shit instead of LINKS TO THE FRICKING SOURCE? https://pwning.tech/nftables/
are you people so fricking moronic that you need technical stuff digested, even though you could at least glance over the technical explanation and get an idea of how shit works?
It's because you're the German rust programmer who claims to have 15 years of experience in C++. But only wrote a game engine in rust. You are also the same person who constantly posts cat pictures including the one with the blue background. Go away you pathetic sub human
4 weeks ago
Anonymous
schizo
4 weeks ago
Anonymous
How do you know I was replying to you? Are you sure that you're not the schizo
4 weeks ago
Anonymous
>How do you know I was replying to you?
4 weeks ago
Anonymous
Either way, find something productive to do with your troon lang. Or cut your dick off
4 weeks ago
Anonymous
4 weeks ago
Anonymous
You've basically admitted that you have no argument.
4 weeks ago
sage
Rust could have prevented this.
Linus should introduce a rule that for every line of C code two lines of C code should be rewritten in Rust.
Same gay by the way. >Inb4 edited screen shot
You're literally arguing for what microshaft accused IBM of doing in the 90's. You have pretty well outed yourself as moronic
The hilarious part is that most c enthusiasts here don't even know how to code.
I worked professionally with C in the past (embedded shit) and I am happy it's going to be deprecated in our lifetime.
I said it before, and I will repeat it.
C was created before the internet. The idea of "cybersecurity" in the 70's and 80's was a large Black person in front of the computer room door.
boomer raging because old = good
Except when it's not C, then old = bad. If you say to use Lisp, which is older than C and even CLOS is from the 80s, then old = bad. If you say Pascal and BASIC had better strings than C because string1 + string2 is better than malloc/strcpy/strcat, then old = bad.
>buy an ad, homosexual
do you really think telling people to give IQfy money is an insult, homosexual?
you might want to go back to le reddit, homosexual
you are shilling for IQfy like some simp cuck, but you will never be a janny, and you will never get paid for it.
just a "frick off" was too much for your reddit brain who can only think in terms of memes and consooming, huh?
>The exploit supports fileless execution when the target has perl installed. This is nice when the target filesystem is read-only.
couldn't he have done the same thing with os.memfd_create in python, which is almost guaranteed to exist?
you people are funny. as in funny mentally ill people. you guys argue about the most random shit and bait one each other and are easy af to bait, yet suck at actually arguing and talking and serious stuff.
buy an ad, homosexual
also, why do you morons keep posting videos to random shit instead of LINKS TO THE FRICKING SOURCE? https://pwning.tech/nftables/
are you people so fricking moronic that you need technical stuff digested, even though you could at least glance over the technical explanation and get an idea of how shit works?
you just gave me more evidence. you guys are not even schizos, just moronic.
Now that they have introduced Rust they should move away from this mailing list cruft.
Nobody except boomers and insane people will contribute by sending patches over email.
>Hence, the requirements for the exploit are that nf_tables is enabled and unprivileged user namespaces are enabled. The exploit is data-only and performs an kernel-space mirroring attack (KSMA) from userland with the novel Dirty Pagedirectory technique (pagetable confusion), where it is able to link any physical address (and its permissions) to virtual memory addresses by performing just read/writes to userland addresses.
So its nothingburger?
He's absolutely correct. You don't seem to know C either.
4 weeks ago
Anonymous
who the frick are you even quoting? are you morons trolling or what?
4 weeks ago
Anonymous
nta
but i write fricking fintech in C and opencl and i didnt know that.
kudos for the brain cookies btw, but if you arent security-oriented, you have no reason to learn such intricacies i think.
ididntknow about that because i never thought about asking that question.
maybe i should read the standard again. seriously and entirely this time...
4 weeks ago
Anonymous
It's a symptom of being a self-taught amateur. I know because I'm one myself ..
You pick up these things from working in big group projects, or by properly studying the spec.
4 weeks ago
Anonymous
>amateur
no. i usemy codetoput food on my table. >big holes in my knowledge
100% yes. i learn as i go.
i really need to study this shit properly, who knows what bullshit im writing in my code...
4 weeks ago
Anonymous
>no. i usemy codetoput food on my table.
Doesn't matter, indian street shitters are able to do that too. Your code reeks of amateurishness.
Not like it matters, all code out there sucks dick. This is pointless elitism, the only thing that matters in the real world is if it works or not.
4 weeks ago
Anonymous
yeah, but i can do better, no?
its as much a matter of competency, as of self respect as a craftsman to me
i will fricking learn this shit even if its boring as frick. its decided.
He's absolutely correct. You don't seem to know C either.
nta
but i write fricking fintech in C and opencl and i didnt know that.
kudos for the brain cookies btw, but if you arent security-oriented, you have no reason to learn such intricacies i think.
ididntknow about that because i never thought about asking that question.
maybe i should read the standard again. seriously and entirely this time...
Why are you absolute shitters taking about function declaration syntax?
I was literally just pouting out a block of code with le funny hackerman text
have a nice day you absolute troglodytes. Holy shit.
>Why are you absolute shitters taking about function declaration syntax?
bc its IQfy you fricking IQfyermin
if the autism is too much for you get out of the asylum or something like that
4 weeks ago
Anonymous
It's unjustified and moronic. You're screeching about shit literally no one fricking cares about you absolute shitter.
Again, have a nice day you troglodyte. You're literally so low information it's insane.
4 weeks ago
Anonymous
shush gay
dont likey? go to the nearest desktop thread.
there you will witness true futility
4 weeks ago
Anonymous
I'm actually a programmer unlike you homosexual fart sniffing morons who have to point out unless garbage unrelated to the conversation.
I could have also equally pointed out the quotes code block could have used puts() instead of format string only printf but I didn't because I'm not a fricking spergy moron. If the code isn't using va_args it literally doesn't FRICKING MATTER HOLY SHIT have a nice day
He's absolutely correct. You don't seem to know C either.
nta
but i write fricking fintech in C and opencl and i didnt know that.
kudos for the brain cookies btw, but if you arent security-oriented, you have no reason to learn such intricacies i think.
ididntknow about that because i never thought about asking that question.
maybe i should read the standard again. seriously and entirely this time...
this is how I know we are talking to bots
No one in this entire thread discussed the exploit. Everyone is raging at each other over troons and language wars.
What a shit board.
Everyone here is frothing at the mouth over the weakest bait.
Why is it so hard to discuss the content OP gave?
AFAIU the author is presenting a new technique for exploiting double frees (and probably similar classes of vulns) in the Linux kernel, as well as a vuln that has already been patched.
I don't have the technical knowledge required to do this shit, much less to talk about it (beyond generalities), but that looks really cool nonetheless
>No one in this entire thread discussed the exploit
looking at the code and infographic. looks like a nice double free in API bug + a nice heap corruption.
pretty based, ngl.
I always wonder how much worse macOS and Windows are at these but no one really finds them (or publicizes them) because they aren't Free and opensource with an easy to study compiler output
>I always wonder how much worse macOS and Windows are at these but no one really finds them (or publicizes them) because they aren't Free and opensource with an easy to study compiler output
a LOT of people are researching macos/windows. they don't publicize shit because these 0days sell for $100k+, and leaking an exploit means losing time, efforts and money.
sigh. true
some homosexuals cope-paste chat gpt answers too.
go fricking figure
I'm actually a programmer unlike you homosexual fart sniffing morons who have to point out unless garbage unrelated to the conversation.
I could have also equally pointed out the quotes code block could have used puts() instead of format string only printf but I didn't because I'm not a fricking spergy moron. If the code isn't using va_args it literally doesn't FRICKING MATTER HOLY SHIT have a nice day
>i'm actually a programmer unlike you
no, youre a wageslave unlike me bc you lack the talent, passion and ambition.
>No one in this entire thread discussed the exploit
looking at the code and infographic. looks like a nice double free in API bug + a nice heap corruption.
pretty based, ngl.
I always wonder how much worse macOS and Windows are at these but no one really finds them (or publicizes them) because they aren't Free and opensource with an easy to study compiler output
>rustroons who don't know C losing their shit >the vulnerability requires an exceptionally specific usecase to exploit
maybe if rustroons spent more time writing useful software instead of re-writing gnu coreutils and seething about nothingburger security exploits people would take your shitty language seriously
Shit like this makes me wary of user namespaces in general. A lot of shitty code is being exposed to userspace. I'm just glad to exploit it requires a lot of skill (autism) I guess. Thankfully this was fixed, so all is well.
GNU wins again
>netfilter
wow. who could've predicted this
rust won't solve this if its using the kernel level memory addresses moron
buy an ad, homosexual
also, why do you morons keep posting videos to random shit instead of LINKS TO THE FRICKING SOURCE? https://pwning.tech/nftables/
are you people so fricking moronic that you need technical stuff digested, even though you could at least glance over the technical explanation and get an idea of how shit works?
>cnile boomer raging because old = good
>old = good
correct
rust is trash, and brings no safety improvements when it comes to low level programming
>cnile brings up rust all of a sudden
rent free
It's because you're the German rust programmer who claims to have 15 years of experience in C++. But only wrote a game engine in rust. You are also the same person who constantly posts cat pictures including the one with the blue background. Go away you pathetic sub human
schizo
How do you know I was replying to you? Are you sure that you're not the schizo
>How do you know I was replying to you?
Either way, find something productive to do with your troon lang. Or cut your dick off
You've basically admitted that you have no argument.
Same gay by the way.
>Inb4 edited screen shot
You're literally arguing for what microshaft accused IBM of doing in the 90's. You have pretty well outed yourself as moronic
sage negated
Admitted to flooding. Bold
>rust is trash
sure
>brings no safety improvements when it comes to low level programming
neither rust or c are capable of low level programming
The hilarious part is that most c enthusiasts here don't even know how to code.
I worked professionally with C in the past (embedded shit) and I am happy it's going to be deprecated in our lifetime.
I said it before, and I will repeat it.
C was created before the internet. The idea of "cybersecurity" in the 70's and 80's was a large Black person in front of the computer room door.
That's the case more often than you think.
boomer raging because old = good
Except when it's not C, then old = bad. If you say to use Lisp, which is older than C and even CLOS is from the 80s, then old = bad. If you say Pascal and BASIC had better strings than C because string1 + string2 is better than malloc/strcpy/strcat, then old = bad.
>buy an ad, homosexual
do you really think telling people to give IQfy money is an insult, homosexual?
you might want to go back to le reddit, homosexual
buy an ad is the tourist version of take your meds
In the old days, eceleb threads were nuked from orbit. The fact you don't know this strongly implies new homosexualry
you're right
you are shilling for IQfy like some simp cuck, but you will never be a janny, and you will never get paid for it.
just a "frick off" was too much for your reddit brain who can only think in terms of memes and consooming, huh?
>The exploit supports fileless execution when the target has perl installed. This is nice when the target filesystem is read-only.
couldn't he have done the same thing with os.memfd_create in python, which is almost guaranteed to exist?
Linux wouldn't exist without c. Linux won't exist with rust. Go build your own operating system and then talk
Buy an ad homosexual. (You) Not given
> daily rust pedophile thread
oh fantastic.
>calls me a plebbitor
>Is guilty of plebbit spacing
Me thinks the troon doth protest too much
not a single post in this thread is using """reddit spacing""", stop coping and admit you said something moronic already.
You don't seem to know what that is.
you people are funny. as in funny mentally ill people. you guys argue about the most random shit and bait one each other and are easy af to bait, yet suck at actually arguing and talking and serious stuff.
>i was actually le trolling you guys, i am having SUCH a laugh at this thread! hi-la-rious!
frick off
? I'm not the OP. I'm
you just gave me more evidence. you guys are not even schizos, just moronic.
Rust could have prevented this.
Linus should introduce a rule that for every line of C code two lines of C code should be rewritten in Rust.
the state of geee
>I found a double-free primitive
When will Cniles learn not to free their pointers multiple times?
Why is your shit so big? Are you well?
>poorgay can't afford a high resolution monitor
Yes, my eyes work and I don't need text 4 times the normal size, if that's what you mean.
It's the sites fault
.article-excerpt {
font-size: 2rem;
}
>https://pwning.tech/nftables/
>It's the site's fault that my eyes are made of raisins.
yes, see
>buys a monitor 4x as big
>scales everything so it looks the same only crisper
>doesnt get why hes being called raisin eyed
>scales everything
dumb moron
look at the css here
this is the sites css, not mine
the website is scaling everything up for no reason
pic is how it looks without the css
don't worry i'm sure some foss-lover is going to fix it for free, but that's not me
Now that they have introduced Rust they should move away from this mailing list cruft.
Nobody except boomers and insane people will contribute by sending patches over email.
I love your rustroony propaganda, it keeps fueling my love for C
lmao git gud
rustroons don't understand anything but low t and degeneraCy, that's why they push it so much
You know it all comes to assembly/instructions, right? stupid tranBlack personhomosexual lmao
low quality post
low quality post
TAP0RT
I wonder how much google pays for people to spam rust everywhere?
I also hate C.
Both are terrible.
What do you prefer?
I don't.
Anything using the current architectures is inherently flawed.
What architecture would you prefer?
he can't answer because he has no clue what he's talking about
Verification not required.
It's over for Linus Benedict Torvalds. Balding fraud!
when are you rewriting the kernel to rust so you can shut the frick up with these psyop posts
mitigations=off
Does a Rust kernel even exist?
>Linux uses le heckin Rust!
Then why didn't it stop this?
>Hence, the requirements for the exploit are that nf_tables is enabled and unprivileged user namespaces are enabled. The exploit is data-only and performs an kernel-space mirroring attack (KSMA) from userland with the novel Dirty Pagedirectory technique (pagetable confusion), where it is able to link any physical address (and its permissions) to virtual memory addresses by performing just read/writes to userland addresses.
So its nothingburger?
Please understand, security researchers need to eat too.
Yeah it's a nothingburger since its not an RCE.
Just don't install malware lmao.
it's a privilege escalation exploit that works in containers (AFAIU)
https://github.com/Notselwyn/CVE-2024-1086/blob/main/src/main.c#L197-L215
holy based?
>doesn't know () means any arguments are allowed and that it's different from (void)
The author doesn't know C.
wtf are you spazzing about you moron?
He's absolutely correct. You don't seem to know C either.
who the frick are you even quoting? are you morons trolling or what?
nta
but i write fricking fintech in C and opencl and i didnt know that.
kudos for the brain cookies btw, but if you arent security-oriented, you have no reason to learn such intricacies i think.
ididntknow about that because i never thought about asking that question.
maybe i should read the standard again. seriously and entirely this time...
It's a symptom of being a self-taught amateur. I know because I'm one myself ..
You pick up these things from working in big group projects, or by properly studying the spec.
>amateur
no. i usemy codetoput food on my table.
>big holes in my knowledge
100% yes. i learn as i go.
i really need to study this shit properly, who knows what bullshit im writing in my code...
>no. i usemy codetoput food on my table.
Doesn't matter, indian street shitters are able to do that too. Your code reeks of amateurishness.
Not like it matters, all code out there sucks dick. This is pointless elitism, the only thing that matters in the real world is if it works or not.
yeah, but i can do better, no?
its as much a matter of competency, as of self respect as a craftsman to me
i will fricking learn this shit even if its boring as frick. its decided.
Why are you absolute shitters taking about function declaration syntax?
I was literally just pouting out a block of code with le funny hackerman text
have a nice day you absolute troglodytes. Holy shit.
>Why are you absolute shitters taking about function declaration syntax?
bc its IQfy you fricking IQfyermin
if the autism is too much for you get out of the asylum or something like that
It's unjustified and moronic. You're screeching about shit literally no one fricking cares about you absolute shitter.
Again, have a nice day you troglodyte. You're literally so low information it's insane.
shush gay
dont likey? go to the nearest desktop thread.
there you will witness true futility
I'm actually a programmer unlike you homosexual fart sniffing morons who have to point out unless garbage unrelated to the conversation.
I could have also equally pointed out the quotes code block could have used puts() instead of format string only printf but I didn't because I'm not a fricking spergy moron. If the code isn't using va_args it literally doesn't FRICKING MATTER HOLY SHIT have a nice day
this is how I know we are talking to bots
AFAIU the author is presenting a new technique for exploiting double frees (and probably similar classes of vulns) in the Linux kernel, as well as a vuln that has already been patched.
I don't have the technical knowledge required to do this shit, much less to talk about it (beyond generalities), but that looks really cool nonetheless
>I always wonder how much worse macOS and Windows are at these but no one really finds them (or publicizes them) because they aren't Free and opensource with an easy to study compiler output
a LOT of people are researching macos/windows. they don't publicize shit because these 0days sell for $100k+, and leaking an exploit means losing time, efforts and money.
sigh. true
some homosexuals cope-paste chat gpt answers too.
go fricking figure
>i'm actually a programmer unlike you
no, youre a wageslave unlike me bc you lack the talent, passion and ambition.
Fixed in C23
What is "fixed" in C23?
() now means an empty argument list, same as (void)
True.
No one in this entire thread discussed the exploit. Everyone is raging at each other over troons and language wars.
What a shit board.
Everyone here is frothing at the mouth over the weakest bait.
Why is it so hard to discuss the content OP gave?
action - reaction.
which begets another reaction.
which begets a reaction with the reacotors
and so on and so on...
i can tell you its constant rust shilling and general vulgarity of that community that elicited a response from all the other communities.
now its a shitstorm.
bc of a couple hysterical rustroons.
tranime posters are to blame too. a goodportion of them are from /lgbt/ and since rust in an icon thereof, they shill mindlessly, aggressively.
at a certain point people got fed up and started hunting them.
this is why IQfy is what it is today.
action reaction
blame jannies.
they should have banned the morons a good whileago
>No one in this entire thread discussed the exploit
looking at the code and infographic. looks like a nice double free in API bug + a nice heap corruption.
pretty based, ngl.
I always wonder how much worse macOS and Windows are at these but no one really finds them (or publicizes them) because they aren't Free and opensource with an easy to study compiler output
>rustroons who don't know C losing their shit
>the vulnerability requires an exceptionally specific usecase to exploit
maybe if rustroons spent more time writing useful software instead of re-writing gnu coreutils and seething about nothingburger security exploits people would take your shitty language seriously
Shit like this makes me wary of user namespaces in general. A lot of shitty code is being exposed to userspace. I'm just glad to exploit it requires a lot of skill (autism) I guess. Thankfully this was fixed, so all is well.
>baiting and trolling
Blows my mind what an absolute shithole IQfy is.