Olivia
Online
David Leadbeater
@davidgl
Open Source Software Engineer 👨💻 and Security. Mostly post at 🐘
🇦🇺
Joined April 2008
402 Following
317 Followers
132 Posts
You have a bash command line of "exec program ..." and you control "..." can you make it do something different? What if it is somewhat sanitised for shell metacharacters? If you can inject $[+] it will make bash error on that line and run the next. 👀 https://t.co/6kI2MW6i3J
I'll be speaking at BSides Canberra: https://t.co/geEXOQxU4e -- this will cover my recent find of an RCE in Git (https://t.co/0IDoX2mVro) and how that and some other vulnerabilities could be used against developers.
@b1ack0wl @trshpuppy @CVEnew If anything it's a lesson that drawing conclusions from the CVE write-up is fraught with danger. There's a demo of one possible attack vector in my write-up at https://t.co/6LV1TyshaV which does not need the user to press enter, although it is configuration dependant.
@solaticlunatic @CVEnew There are some possibilites for an exploit without the user pressing enter, or social engineering (e.g. using invisible text). I did a write-up with one configuration dependant exploit at https://t.co/6LV1TyshaV
New blog post: Ghostty 1.0.0 terminal security; https://t.co/6LV1TyshaV (CVE-2024-56803)
@GlennPegden @stiggle @stokfredrik Another one to check is reverse DNS; even on modern systems. macOS’s traceroute wasn’t escaping until quite recently (I reported it about this time last year and they fixed it sometime after that, although it lowercased everything so was hard to actually exploit)
@GlennPegden @stiggle @stokfredrik One fun in DOS with ANSI.SYS loaded is disk labels can have ANSI escapes in them (at least with CDs made with mkisofs, native DOS tools don't let you, but I suspect a hex edit works). The result is I have a CD where simply typing "dir" on it redefines enter so it nearly autoruns!
Latest write up from @davidgl detailing his research into terminal escapes and the 10 ‼️ @NISTcyber CVEs that had potential for remote code execution.
@defcon @MSFTBlueHat @_everythingopen @linuxaustralia @linuxfoundation
#opensource #cybersecurity
https://t.co/OwVHoltG8X
@GlennPegden @stiggle @UKCougar @tobyontour @stokfredrik Thanks :)
One of the things I didn’t quite have time to explicitly into in my talk, is back in the day people were more aware of this. It turns out various basic tools which did do escaping in the past have just lost it.
For once a non-security terminal thing. I'm sure someone else has written this but I couldn't find it; here's a simple script that makes commit IDs in "git log" clickable (in many terminals): https://t.co/KMQekaIgcA
@GeoffreyHuntley @_everythingopen @LaTerminalApp I looked at that. Underneath @LaTerminalApp uses SwiftTerm and I found https://t.co/g9zQx9YIRk — @migueldeicaza fixed it very quickly!
Thank you to everyone who attended my @_everythingopen talk, with more of my terminal research. I've published the Docker image PoC that I demoed, see https://t.co/AvrjFwFYiF
@raphink @AWS_Snarkitect @urlichsanais Why not just let your untrusted users run a service called ‘google’ in a namespace called ‘com’
@isomer @jlbec PS: I'm no expert on this, I just happen to have the plan 9 tools installed to play with...
@isomer @jlbec Except not quite, because the default ifs means that parses as a list, so:
% echo --`{uname -sr}
--Darwin --21.6.0
% ifs='
' # only newline
% echo --`{uname -sr}
--Darwin 21.6.0
[except now multiline output repeats the arg, maybe you meant that?]
@techpractical @TokenScandi https://t.co/cr9jhLyC8H grep for /joint/
@techpractical @TokenScandi Unicode does have some lists of alternatives, but I don't believe for emoji; this seems to be coming from https://t.co/vELfVH1q51 in mastodon's case... most emoji pickers (even on phones) have some custom list of words
Last Seen Users on Sotwe
Most Popular Users
Elon Musk 
@elonmusk
240.2M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109.3M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.4M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
87M followers
Taylor Swift
@taylorswift13
80.8M followers
Lady Gaga
@ladygaga
72.4M followers
Kim Kardashian
@kimkardashian
69.5M followers
Virat Kohli
@imvkohli
68.9M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.5M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.5M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60.1M followers