
Comment Re:No surprises there... (Score 1) 328

I never really followed politics much when I was younger, but has it always been like this?

You will occasionally find people who get very, very offended when you point out that Democrats and Republicans differ only in name. These people, sadly, really do believe that the next Obama will change things, and then grow all the more bitter when he ends up just like the rest of the worthless fucks in DC.

But yes, it has pretty much always gone like this. Every charismatic young buck looks like the next Prez Rickard, right up until he turns into the next Tricky Dick.

Townshend was wrong. It seems like you can just keep fooling us over and over again.

Meet the new boss - Same as the old boss.

Comment We have this awesome new tech... (Score 2) 140

They call it a "lock and key". Totally uncrackable over the internet or via USB, and although exploits do exist, for higher quality setups they take considerable time with physical access to the device.

The "IoT" is not our friend, folks - It turns solid, reliable old-school products into yet another vector for malware in your house. And if you think reinstalling Windows sucks, how about having your oven go into self-cleaning mode during your vacation without the safety latch closed? How about having your blender "playfully" get your cat's attention with brief pulses before going full puree? How about overriding your on-demand hot water heater to its "steam clean" setting with you in the shower?

I love toys, including electronics. But the fewer things in my house vulnerable to remote exploits, the better. My toaster should have one dial and one lever and zero computers, period.

Comment Re:Under what authority? (Score 3, Insightful) 289

Their permit said that they would not have this wanted fugitive perform. They violated the terms of their permit, so were shut down. This is pretty straightforward and they had to know this would happen - they probably wanted the publicity.

Would the police also have shut them down if they started playing clips of Roman Polanski (wanted in the US for raping a 13 year old girl) movies?

Sure, they can ban him from appearing. But "straightforward", for effectively playing a movie by someone with an opinion they don't want heard? Yeah, I would call that straightforward - A straightforward violation of the first amendment.

Comment use slashdotFS (Score 3, Funny) 215

I use slashdotFS, which is a markovian random comment generator which effectively embeds data in a steganographic comment. The FS handles the details of creating and saving these so it's all transparent and mounts on your desktop like a regular drive. It's slow but its capacity seems unlimited and frequently gets modded insightful.

Comment bUber (Score 5, Funny) 242

Perhaps that explains why my company bUber (pronounced Boob Urge) has been so tied up in the courts. The concept is simple: our company iPimp arranges meetings of escorts in hotel rooms. The contractors are all independent contractors, making a little money, but really they are there to give their single serving friends, we call them rides, a hand. This is completely different from normal prostitution, it's a different business model even though it fills the same niche. In places where whore houses are well regulated, inspected and licensed one can see that we don't need to meet such requirements since our service producers are independent contractors. Our rates are lower since we're just making connections between people who might not be full time whores. They just notify us when they are available and we make use of what would otherwise have been wasted time. We have surge pricing for conventions and with that can get more providers on the street when they are needed.

Recently Uber approached us because it fits well with their model. Our providers need delivery to addresses, and their drivers can act as sales agents for us as well. But they are reluctant to merge with us until we can shake these ridiculous legal problems. We certainly are not a traditional whore house.

Comment Re:I still don't understand (Score 1) 129

setuid is for executables. /etc/sudoers is root owned/readable but it's not executable, so there's no set UID on this file. I think the exploit you are describing is actually another clever way to achieve a root priv escalation. Using sudoers is more direct but also perhaps easier to detect.

Comment I still don't understand (Score 1) 129

That command is a riddle and, forgive me, but I think your explanation is wrong.
The final sudo -s is not there to create an error. It's a perfectly fine command and is there to just make you root on the spot.

I think a partial explanation of what goes on is this:

The first bin just creates the text you want to shove into the sudoers file. That's clear enough.

The pass to >&3 is saying send this text to file descriptor 3. This doesn't exist... yet... but it will shortly.

So how does the file open happen? Well, if you put an environment variable definition in front of a command, what happens is the command runs with that environment variable temporarily set for the duration of the command. Thus

DYLD_PRINT_TO_FILE=/etc/sudoers newgrp

says create the env DYLD_PRINT_TO_FILE temporarily and set it to /etc/sudoers and after setting that, then execute newgrp.

newgrp doesn't actually do anything at all here other than launch a new shell which promptly quits. However it does run with setuid root privilege.

Guessing here: And while it's running but not doing anything, the system goes, oh, I better open a stream to the DYLD_ file because there might be some output to log there. So it opens that file pre-emptively and duly assigns it to file descriptor 3 for input.

Unfortunately DYLD has inherited the permission of newgrp to do that, so it's doing a file open as root too.

So we can now write to 3 and DYLD_ redirects that into the file.

At this point I'm not sure what happens exactly. One possibility is the obvious, which is that what we write to file descriptor 3 goes into the file represented by file descriptor 3. That's simple if that's what bash would do. However, the explanation of the exploit notes that DYLD_ also fails to close its file descriptors. In which case what happens is that the newgrp command just exits, but because the pipe made it a child, its parent inherits the dangling file descriptor, and then that's why we can write to that. I really don't know my bash well enough to say which of those might be the right mechanism here, if either.

Anyone else want to explain?

Another point I'm fuzzy on here is whether the writer needs to have the same setuid as the reader.
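The two shell mechanics this comment works through, shown against a harmless temp file (an added example, not part of the original comments; `DEMO_LOG` and the function names are made up for illustration and no setuid program is involved). It shows that a `VAR=value` prefix reaches only the command it precedes, that a descriptor a parent has open is usable by the child it starts, and that closing the descriptor before the child runs makes the same write fail.

```shell
#!/bin/sh
# Illustration only: constructed names, temp files, ordinary user privileges.

# 1. A VAR=value prefix is placed in the environment of that one command.
#    The child sees it; the calling shell does not keep it.
env_scope() {
    unset DEMO_LOG
    child=$(DEMO_LOG=/tmp/demo.log sh -c 'printf %s "$DEMO_LOG"')
    printf '%s|%s\n' "$child" "${DEMO_LOG:-unset}"
}

# 2. A descriptor opened by a parent stays open in the child it starts.
#    The child never opens the file, yet its write to fd 3 lands in it.
fd_inherited() {
    f=$(mktemp)
    (
        exec 3>>"$f"                           # parent opens the file as fd 3
        sh -c 'echo "written by child" >&3'    # child inherits fd 3 and writes
    )
    cat "$f"
    rm -f "$f"
}

# 3. The corrected behaviour: the descriptor is closed (3>&-) before the
#    child runs, so the identical write is refused and the file stays empty.
fd_closed() {
    f=$(mktemp)
    rc=0
    (
        exec 3>>"$f"
        sh -c 'echo "written by child" >&3' 3>&- 2>/dev/null
    ) || rc=$?
    [ "$rc" -ne 0 ] && result=rejected || result=accepted
    size=$(wc -c < "$f" | tr -d ' ')
    rm -f "$f"
    printf '%s|%s\n' "$result" "$size"
}

env_scope       # /tmp/demo.log|unset
fd_inherited    # written by child
fd_closed       # rejected|0
```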

Comment Please explain more (Score 2) 129

Reading the explanation here: https://www.sektioneins.de/en/...
I don't fully understand how it works, but it seems to be more complex than what you just said. I suspect it depends on a parent process inheriting a child process's setuid for accessing a file.

The bash script however is a riddle to me. I don't understand how the pipe to channel 3 ends up in the /etc/sudoers file. Where does channel 3 go? I suspect the newgrp statement is there to just be any process which does a setuid as root. Not sure. Again I don't understand how it's being called here.

What does the environment variable look like as this executes? Which parts of it execute when? And how does the echo get to the file?

The final sudo -s I understand.

Can someone break this down for me?

Comment Key detail: Security experts have IT skills (Score 4, Insightful) 112

Although the password keeper point struck me as interesting, I take issue with the "experts" stance on updates.

People don't shun (non-OS) updates because they "might" install malware - They shun them because they do install unwanted tag-alongs (if not outright malware). Flash tries to install its partner-of-the-week every time you update it. Chrome just added push notifications. Java... Let's not even go there. And let's not overlook the fact that most users can't tell a legit update prompt from a drive-by installer.

Security experts have a bias here because they:
1) can usually tell the legit updates from the bogus ones (and know enough to get the bloat-free version of the update); and
2) can themselves remove or repair the occasional spyware that slips through, without needing to pay BestBuy $150 for five minutes' work on a machine only worth $300 in the first place.

Comment Re:Interesting choice of questions to address (Score 1) 550

Yes and no - That would count as a valid reason, if not for the fact that Wu has five minutes of fame solely because of GG. No one gives the least damn about the co-founder of some two-bit game studio.

When your pony has only one trick, no one comes to the show to hear its opinions on the merits of alfalfa vs clover. Heck, until the trolls showed up and explained why we should care about this Q&A, I dismissed it as a blatant Dicevertisement.
