Comment Re:Yeah (Score 1) 255
Don't badmouth Windows 10 users- about half of them are going to be in your QA department.
Start with land mines.
Good god no! that's the plot device for the movie screamers.
takes on a whole new meaning.
Autonomous intelligent self propelled evolving landmines turn on humans. 'nuff said.
another way is to convert it to jpeg and store it in facebook.
I use slashdotFS which is a markovian random comment generator which effectively embeds data in a stegenographic comment. The FS handles the details of creating and saving these so it's all transparent and mounts on your desktop like a regular drive. It's slow but it's capacity seems unlimited and frequently gets modded insightful
Oh, wait, you didn't need to pass a test for that.
I'm just trying to think how that would have been possible. I think back then there was a medical exception you could plead for. I didn't. I passed the 20 WPM test fair and square and got K6BP as a vanity call, long before there was any way to get that call without passing a 20 WPM test.
Unfortunately, ARRL did fight to keep those code speeds in place, and to keep code requirements, for the last several decades that I know of and probably continuously since 1936. Of course there was all of the regulation around incentive licensing, where code speeds were given a primary role. Just a few years ago, they sent Rod Stafford to the final IARU meeting on the code issue with one mission: preventing an international vote for removal of S25.5 . They lost.
I am not blaming this on ARRL staff and officers. Many of them have privately told me of their support, including some directors and their First VP, now SK. It's the membership that has been the problem.
I am having a lot of trouble believing the government agency and NGO thing, as well. I talked with some corporate emergency managers as part of my opposition to the encryption proceeding (we won that too, by the way, and I dragged an unwilling ARRL, who had said they would not comment, into the fight). Big hospitals, etc.
What I got from the corporate folks was that their management was resistant to using Radio Amateurs regardless of what the law was. Not that they were chomping at the bit waiting to be able to carry HIPAA-protected emergency information via encrypted Amateur radio. Indeed, if you read the encryption proceeding, public agencies and corporations hardly commented at all. That point was made very clearly in FCC's statement - the agencies that were theorized by Amateurs to want encryption didn't show any interest in the proceeding.
So, I am having trouble believing that the federal agency and NGO thing is real because of that.
Perhaps that explains why my company bUber (pronounced Boob Urge) has bee so tied up in the courts. The concept is simple our company iPimp arranges meetings of escorts in hotel rooms. The contractors are all independent contractors, making a little money, but really they are their to give their single serving friends, we call them rides, a hand. This is completely different from normal prostitution, it's a different bussiness model even though it fills the same niche. In places where whore houses are well regulated, inspected and liscenced one can see that we don't need to meet such requirements since our service producers are independent contractors. Our rates are lower since were just making connections between people who might not be full time whores. They just notify us when they are available and we make use of what would otherwise would have been wasted time. We have surge pricing for conventions and with that can get more providers on the street when they are needed.
Recently Uber approached us because it fits well with there model. Our providers need delivery to addresses, and their drivers can act as sales agents for us as well. But they are reluctant to merge with us until we can shake these ridiculous legal problems. We certainly are not a traditional whore house.
setuid is for executables.
Well this is not how Walter White would have done it, is it?
That's the coward's way out, using drugs, where 90% of your synthesis has been done for you by already by some Big Pharma company selling pseudoephedrine to people who need to clear their noses.
"Now get me my phenylacetic acid... bitch!"
That command is a riddle and, forgive me, but I think your explanation is wrong.
the final sudo -s is not there to create an error. it's a perfectly fine command and is that to just make you root on the spot.
I think a partial explanation of what goes on is this:
the first bin just creates the text you want to shove into the sudoers file. that's clear enough.
the pass to >&3 is saying send this text to file descriptor 3. This doesn't exist..yet...but it will shortly.
So how does the file open happen? Well if you put an environment variable definition in front of a command, what happens is the command runs with that environment variable temporarily set for the duration of the command. thus
DYLD_PRINT_TO_FILE=/etc/sudoers newgrp
says create the env DYLD_PRINT_TO_FILE temporarily and set it to
newgrp doesn't actually do anything at all here other than launch a new shell which promptly quits. However it does run with setuid root privilege.
guessing here: And while it's running but not doing anything the system goes, oh, I better open a stream to the DYLD_ file because there might be some output to log there. So it opens that file pre-emptively and duly assigns it to file descriptor 3 for input.
unfortunately DYLD has inherited the permission of newgrp to do that, so its doing a file open as root too.
So we can now write to 3 and DYLD_ redirects that into the file.
at this point I'm not sure what happens exactly. One possibility is the obvious which is that what we write to file descitor 3 goes into the file represent file descriptor 3. that's simple if that's what bash would do. However the explanation of the exploit notes that DYLD_ also fails to close it's file descriptors. In which case what happens is that the newgrp command just exits but because the pipe made it a child, it's parent inherits the dangling filedesciptor. and then that's why we can write to that. I really don't know my bash well enough to say which of those might be the right mechanism here. if either.
anyone alse want to explain?
Another point I'm fuzzy on here is whether the writer needs to have the same setuid as the reader.
Reading the explanation here: https://www.sektioneins.de/en/...
I don't fully understand how it works, but it seems to be more complex than what you just said. I suspect it depends on a parent process inheriting a child procesess setuid for accessing a file.
the bash script however is a riddle to me. I don't understand how the pipe to channel 3 ends up in the
What does the environment variable look like as this executes? which parts of it execute when? and how does the echo get to the file.
the final sudo -s I understand.
can someone break this down for me?
"If it ain't broke, don't fix it." - Bert Lantz
