code logs -> 2022 -> Tue, 08 Mar 2022< code.20220307.log - code.20220309.log >
--- Log opened Tue Mar 08 00:00:59 2022
00:50
<&[R]>
https://dirtypipe.cm4all.com/ <-- primary source it seems
01:33
<&ToxicFrog>
Holy shit, that's spicy
01:36
<&ToxicFrog>
tl;dr: by using pipes and splice(2), you can convince the kernel to write attacker-controlled data to the block cache for any file you can read, whether you can write the file on disk or not
01:36
<&ToxicFrog>
If you can get the page dirty, by e.g. doing this at the same time a program that does have write permission is writing it, you can get these changes committed to disk
01:36
<&ToxicFrog>
Even if you can't, read requests will be serviced from the attacker-controlled pages as long as that cache entry isn't evicted, which means you can exploit this even when the file is located on a read-only filesystem
01:45
<&Reiver>
jesus
01:46
<&Reiver>
Is this pattern of late "There have been more errors slipping through" or "Really serious investigations are finally being pointed at Linux development" or "People like to make more noise about it than before" or
01:47 gizmore [kvirc@Nightstar-kktghm.dip0.t-ipconnect.de] has joined #code
01:47
<&[R]>
NSA's probably been making commits to the kernel
01:48
<&[R]>
Some egg on their face with the whole NIST EC crypto thing
01:49 gizmore|2 [kvirc@Nightstar-d7u8k1.dip0.t-ipconnect.de] has quit [Ping timeout: 121 seconds]
02:21
<@macdjord>
Reiver: I feel it's because of Heartbleed. It opened the idea that a major vulnerability could be /marketed/ - given a catchy name, even its own webpage.
02:58 Degi_ [Degi@Nightstar-oifo9f.pool.telefonica.de] has joined #code
03:00 Degi [Degi@Nightstar-htigkm.pool.telefonica.de] has quit [Ping timeout: 121 seconds]
03:00 Degi_ is now known as Degi
03:28
<&McMartin>
Security researchers have been giving cute names to attacks going back to at least "Reflections on Trusting Trust"
03:28
<&McMartin>
Heartbleed was the first vuln with a cute name that also was of the "apocalypse" severity
03:29
<&McMartin>
Given how long these vulns exist before discovery of proof of exploitation, I lean much harder towards the "finally seeing some real resources put into attack and defense" than "people are getting sloppy" or "deliberate sabotage"
03:30
<&McMartin>
Especially since the second apocalypse-class bug had existed in every version of bash for 25 years before its discovery
03:30
<&McMartin>
*discovery or
04:49 Vorntastic [uid293981@Nightstar-phvupn.irccloud.com] has joined #code
04:49 mode/#code [+qo Vorntastic Vorntastic] by ChanServ
04:57 himi [sjjf@Nightstar-1drtbs.anu.edu.au] has quit [Ping timeout: 121 seconds]
05:47 Kindamoody[zZz] is now known as Kindamoody
07:09 McMartin [mcmartin@Nightstar-i80eaa.ca.comcast.net] has quit [[NS] Quit: kernel upgrade whee]
07:13 McMartin [mcmartin@Nightstar-i80eaa.ca.comcast.net] has joined #code
07:13 mode/#code [+ao McMartin McMartin] by ChanServ
07:32 himi [sjjf@Nightstar-v37cpe.internode.on.net] has joined #code
07:32 mode/#code [+o himi] by ChanServ
10:40 abudhabi_ [abudhabi@Nightstar-lmghh6.adsl.tpnet.pl] has joined #code
10:43 abudhabi__ [abudhabi@Nightstar-gh5j0a.adsl.tpnet.pl] has quit [Ping timeout: 121 seconds]
11:30 abudhabi_ [abudhabi@Nightstar-lmghh6.adsl.tpnet.pl] has quit [Connection reset by peer]
13:47 abudhabi [abudhabi@Nightstar-lmghh6.adsl.tpnet.pl] has joined #code
14:06 catalyst [catalyst@Nightstar-ejd4sd.cable.virginm.net] has quit [The TLS connection was non-properly terminated.]
14:23 Vornicus [Vorn@ServerAdministrator.Nightstar.Net] has joined #code
14:23 mode/#code [+qo Vornicus Vornicus] by ChanServ
15:11 catalyst [catalyst@Nightstar-ejd4sd.cable.virginm.net] has joined #code
17:29 Vorntastic [uid293981@Nightstar-phvupn.irccloud.com] has quit [[NS] Quit: Connection closed for inactivity]
20:12 Emmy [Emmy@Nightstar-l49opt.fixed.kpn.net] has joined #code
20:28 macdjord [macdjord@Nightstar-re5.7if.45.45.IP] has quit [[NS] Quit: Deep inside, every housecat believes themself to be just a temporarily embarrassed tiger.]
20:28
<&McMartin>
"The Gostak is a gostoid in the category of endodistimmors"
20:31 macdjord [macdjord@Nightstar-re5.7if.45.45.IP] has joined #code
20:31 mode/#code [+o macdjord] by ChanServ
20:46 himi [sjjf@Nightstar-v37cpe.internode.on.net] has quit [Ping timeout: 121 seconds]
21:17 catalyst is now known as jessika
21:20
<~Vornicus>
That is the most obscure joke I have heard all year
22:30 Vornicus [Vorn@ServerAdministrator.Nightstar.Net] has quit [Connection closed]
22:44
<&Reiver>
...
22:47 Kizor [a@Nightstar-nfsqa7.yok.fi] has quit [[NS] Quit: ]
22:51
< abudhabi>
Hahaha.
22:51 Kizor [a@Nightstar-nfsqa7.yok.fi] has joined #code
22:51 Kizor [a@Nightstar-nfsqa7.yok.fi] has left #code []
22:52 Kizor [a@Nightstar-nfsqa7.yok.fi] has joined #code
22:52 Kizor [a@Nightstar-nfsqa7.yok.fi] has left #code []
22:52 Kizor [a@Nightstar-nfsqa7.yok.fi] has joined #code
23:02 himi [sjjf@Nightstar-1drtbs.anu.edu.au] has joined #code
23:02 mode/#code [+o himi] by ChanServ
23:24
<&[R]>
"[...] an attacker can theoretically cause the service to emit 2,147,483,647 responses to a single malicious command. Each response generates two packets on the wire, leading to approximately 4,294,967,294 amplified attack packets being directed toward the attack victim." https://blog.cloudflare.com/cve-2022-26143/
23:25
<@Tamber>
*wince*
23:31
<@Tamber>
oh wow.
23:31
<@Tamber>
<<over the course of the [14 hour] attack, the "counter" packets alone would generate roughly 95.5GB of amplified attack traffic>>
23:32
<@Tamber>
<<"diagnostic output" packets would account for an additional 2.5TB>> holy fucking shit.
23:32
<&[R]>
Just a little itsy bitsy oopsie
23:34
<&ToxicFrog>
Goddamn.
23:47 Emmy [Emmy@Nightstar-l49opt.fixed.kpn.net] has quit [Ping timeout: 121 seconds]
--- Log closed Wed Mar 09 00:00:01 2022