Open Bar: Drinks are on the Supreme Court

Started by Cain, October 02, 2018, 12:20:11 AM

Previous topic - Next topic
Print
Go Down Pages 1 ... 6 7 8 9 10 11 12 ... 100
User actions

chaotic neutral observer

#120
November 02, 2018, 12:24:01 AM
Quote from: axod on November 02, 2018, 12:05:15 AM
Quote from: chaotic neutral observer on November 01, 2018, 11:04:08 PM
I don't worry too much about exploits that require console access.  Unless the admin is paranoid, physical access is enough to hack most linux boxes with no more than a reboot.  Just set init=/bin/bash in the bootloader, and you're in.
you could remotely ssh and escalate any user to root without physical access or reboot privs. or, is ssh considered physical access?
ssh is not physical access.  I would consider remote privilege escalation (via ssh) a more serious problem.

What I mean, is that if you're physically present at the computer's console (keyboard and display), you can often get control over it quite easily (which may include unplugging it, picking it up, and walking away).

This is the sort of thing I'm talking about: https://wiki.archlinux.org/index.php/Reset_lost_root_password

Edit: And to make the context clear, it appears that CVE-2018-14665 requires console access.
Desine fata deum flecti sperare precando.

chaotic neutral observer

#121
November 02, 2018, 01:20:35 AM
I had some leftover Halloween candy, but I'm on a diet, and leaving it around the house would be a Bad Idea.
Then I remembered that I hate my co-workers, so I took it to work, and dumped it all on the counter in front of the coffee machine.
ENJOY YOUR OBESITY, BASTARDS.

It was all gone by mid-afternoon. :evil:
Desine fata deum flecti sperare precando.

minuspace

#122
November 02, 2018, 03:09:37 AM
Quote from: chaotic neutral observer on November 02, 2018, 12:24:01 AM
Quote from: axod on November 02, 2018, 12:05:15 AM
Quote from: chaotic neutral observer on November 01, 2018, 11:04:08 PM
I don't worry too much about exploits that require console access.  Unless the admin is paranoid, physical access is enough to hack most linux boxes with no more than a reboot.  Just set init=/bin/bash in the bootloader, and you're in.
you could remotely ssh and escalate any user to root without physical access or reboot privs. or, is ssh considered physical access?
ssh is not physical access.  I would consider remote privilege escalation (via ssh) a more serious problem.

What I mean, is that if you're physically present at the computer's console (keyboard and display), you can often get control over it quite easily (which may include unplugging it, picking it up, and walking away).

This is the sort of thing I'm talking about: https://wiki.archlinux.org/index.php/Reset_lost_root_password

Edit: And to make the context clear, it appears that CVE-2018-14665 requires console access.

Pre-scriptum:
By this insistence on the word "console" I predict that you operate in a windows environment.

From what I gather, 14665 does not require physical access and has been executed via SSH:
"OpenBSD #0day Xorg LPE via [...] 665 can be triggered from remote SSH"
—@HaXOrFantastique

PS: I'm not THAT fat yet

chaotic neutral observer

#123
November 02, 2018, 03:57:11 AM
Quote from: LuciferX on November 02, 2018, 03:09:37 AM
Pre-scriptum:
By this insistence on the word "console" I predict that you operate in a windows environment.
Hardly.  The last Microsoft OS I have significant experience was Windows 98.  Then I spent a couple years with RedHat, until I developed a deathly hatred for RPM, after which I switched to Gentoo, which I have been using ever since.  They let me use it at work, too, although most of my co-workers use Ubuntu.

Quote
From what I gather, 14665 does not require physical access and has been executed via SSH:
"OpenBSD #0day Xorg LPE via [...] 665 can be triggered from remote SSH"
—@HaXOrFantastique

My initial reading on the subject was focussed on Linux, where it appears to be a local-only exploit, but on further searching, it appears that it can be remotely triggered on OpenBSD.  I partially retract my initial glibness.
Desine fata deum flecti sperare precando.

axod

#124
November 02, 2018, 04:36:42 AM
Quote from: chaotic neutral observer on November 02, 2018, 03:57:11 AM
Quote from: LuciferX on November 02, 2018, 03:09:37 AM
Pre-scriptum:
By this insistence on the word "console" I predict that you operate in a windows environment.
Hardly.  The last Microsoft OS I have significant experience was Windows 98.  Then I spent a couple years with RedHat, until I developed a deathly hatred for RPM, after which I switched to Gentoo, which I have been using ever since.  They let me use it at work, too, although most of my co-workers use Ubuntu.

Quote
From what I gather, 14665 does not require physical access and has been executed via SSH:
"OpenBSD #0day Xorg LPE via [...] 665 can be triggered from remote SSH"
—@HaXOrFantastique

My initial reading on the subject was focussed on Linux, where it appears to be a local-only exploit, but on further searching, it appears that it can be remotely triggered on OpenBSD.  I partially retract my initial glibness.
what would make BSD remove that line of code from BSD update!
just this

LMNO

#125
November 06, 2018, 01:51:43 PM
Well, I voted.

As soon as the liquor store opens, I'm buying a bottle of rye.  It'll either be celebratory or mourning... either way, whiskey is appropriate.

Cain

#126
November 06, 2018, 01:59:45 PM
If I made a joke about my also voting, what are the chances it would be on FOX News within a week as proof of illegal voting?

LMNO

#127
November 06, 2018, 02:02:06 PM
If you do it on FB and Twitter, I give it three hours.

chaotic neutral observer

#128
November 06, 2018, 02:08:51 PM
I yelled at some people on the internet to get out and vote against Trump, so I guess that counts as foreign interference.
Desine fata deum flecti sperare precando.

Doktor Howl

#129
November 06, 2018, 03:01:48 PM
5 days until the 100th anniversary of the end of world war I. 

Molon Lube

hooplala

#130
November 06, 2018, 03:24:17 PM
When I was a kid, "100 years ago" seeemed like a completely different era. But the end of WW1 doesnt seem all that long ago. I guess I'm old.  :cry:
"Soon all of us will have special names" — Professor Brian O'Blivion

"Now's not the time to get silly, so wear your big boots and jump on the garbage clowns." — Bob Dylan?

"Do I contradict myself?
Very well then I contradict myself,
(I am large, I contain multitudes.)" — Walt Whitman

LMNO

#131
November 06, 2018, 04:01:00 PM
I just think it's nifty that 100 years ago, we had a war to end all wars, and it's been pretty good since then.


Wait, I think I posted this in the wrong thread.

Doktor Howl

#132
November 06, 2018, 04:50:30 PM
Quote from: LMNO on November 06, 2018, 04:01:00 PM
I just think it's nifty that 100 years ago, we had a war to end all wars, and it's been pretty good since then.


Wait, I think I posted this in the wrong thread.
Also, JFK and Lee Harvey Oswald died natural deaths in 1963 and everything has been FINE ever since.
Molon Lube

Cain

#133
November 08, 2018, 03:52:00 PM
Assuming I'm not screwed over on the references front, it appears I have a new job.  Legal research ahoy!

LMNO

#134
November 08, 2018, 05:00:20 PM
Quote from: Cain on November 08, 2018, 03:52:00 PM
Assuming I'm not screwed over on the references front, it appears I have a new job.  Legal research ahoy!
:banana:
Print
Go Up Pages 1 ... 6 7 8 9 10 11 12 ... 100
User actions