Because of the copy-fail exploit there is a python script that is only ten lines long that can root every single linux distribution. And because your browser runs almost everything, an attacker can use a packet injection to compromise your machine. All they have to do is work out your IP address (fyi, if you are not using the tor browser in a vm or whonix then you are constantly leaking your IP address all over the internet) and then send the script to port 80 or port 443 on your machine. If your browser was running at that moment, they are now connected to your machine through your browser and they are root.Once they've done that they can make the compromise permanent by using fwupd to install malware on your motherboard. And because the attack is entirely in RAM and on the motherboard they don't leave behind any forensic evidence on your hard drive. That means that if you can run a program like AIDE over your entire filesystem before and after this attack, and you won't find anything.It gets even better, because copy-fail allows people to escape containers. Even if you run your browser in a container that limits access, this exploit still works. Copy-fail can also enable escape from sandboxes that use c-groups like firejail.This exploit was in the linux kernel for NINE years. This is your daily reminder that Linus Torvalds is the biggest fuck up in the history of the IT industry. I know that this man has a following of buttbuddy fan boys and I challenge all of you to name just one fuck up that was bigger than Linus Torvald's one.
This shows once again that Linux is anything but secure. And that the security argument against other OSes is a weak one.
>>108798079Link?
What if my browser is a waterfox flatpak on silverblue? I also heard some youtuber say we should upgrade our kernels, so I assume it's patched?
>>108798079if there was an exploit that caused my linux machine to be permanently pwned and all files were deleted every other month I would still stay with linux. using windows is just that miserable of an experience
>And because your browser runs almost everything, an attacker can use a packet injection to compromise your machine. If an attacker can get around my browser's sandbox that easily I have way bigger problems than root escalation.
>>108798099>waterfoxhttps://x.com/GrapheneOS/status/1976077020212977773>flatpakhttps://github.com/flatpak/flatpak/issues/5921
>>108798079OpenBSD: unaffectedMicrokernels: unaffected, can not ever be affected by one kernel (driver) exploit to this level
>>108798079>Once they've done that they can make the compromise permanent by using fwupd to install malware on your motherboard. And because the attack is entirely in RAM and on the motherboard they don't leave behind any forensic evidence on your hard drive. That means that if you can run a program like AIDE over your entire filesystem before and after this attack, and you won't find anything.what about dumping bios to verify?what about flashing bios - can hacked bios forever refuse any future upgrades and just pretend to install them?how this changes between mother boards?How to properly defend from this on older boards,and how on the recent ones?I assume desoldering some chip (programmable ROM) and moving it to the programmer board is the sure way to "externally" force dump it and as well force upgrade it?
>>108798079>/g/eet tard>3 LPE old bug>hallucinated technical info
>>108798091That's actually python vulnerability and user space issue.
>>108798079>This exploit was in the linux kernel for NINE years.There are over 15 major exploits in the linux kernel. You have know idea how little you know. Not just that but I TOLD YOU before anthropic and /g/ linux users made fun of me.>t. race condition knower and offline LAN
>>108798256>There are over 15 major exploits in the linux kernel. You have know idea how little you know. Not just that but I TOLD YOU before anthropic and /g/ linux users made fun of me.Unpatched?You making this up, or...?
>>108798261>Unpatched?yes>>108798261>You making this up, or...?that's a minimum, it's riddled with them. I'm not in an operating system tribe either, the only way to be secure is to have an offline lan. Linux is wide open and has been for ten years.
>>108798079>And because your browser runs almost everything, an attacker can use a packet injection to compromise your machine. All they have to do is work out your IP address (fyi, if you are not using the tor browser in a vm or whonix then you are constantly leaking your IP address all over the internet) and then send the script to port 80 or port 443 on your machine.What the fuck are you talking about?Why would a web browser be listening on port 80 or 443 for python scripts and execute them?This is how you know dead internet theory is bullshit. Even the shittiest chinese llms are smarter than this
>>108798268>>You making this up, or...?>that's a minimum, it's riddled with them. I'm not in an operating system tribe either, the only way to be secure is to have an offline lan. Linux is wide open and has been for ten years.show some code, POC or something
>>108798280The take the ten things that the python script does and then write a script in another language that your browser will execute.
>>108798079you just know OP is a shill and full of shit, when he said>"browser can run anything"
>>108798295Go read a bookIf you're not smart enough for books, chatgpt is free
>>108798079>and then send the script to port 80 or port 443 on your machine. If your browser was running at that moment, they are now connected to your machine through your browser and they are root.That's not how browsers fucking work.Jesus christ.
>>108798312Yeah, well I saw someone do it and I believe my eyes.
>>108798328Fucking moron.You have no idea what you saw.
>>108798328no firefox listens on 80/443idiot
>>108798079Linus did CopyFail
>>108798079>an attacker can use a packet injectionwow!local exclusive attacks!we don't get many of those!
> attacking someone personally for something he hasn't done> escalating and blaming the entire idea of open source OSesYou're a special kind of stupid. Either because you don't understand what you're talking about or because you take (((their))) money for talking shit.No (You) for OP and other shills.
>>108798268Everything (maybe except seL4-based?), is. Worst of all is openbsd, and at least linux has various ways to mitigate (e.g. grsec, MAC, etc.)All modern software suck, period.
>>108798650>Worst of all is openbsd, and at least linux has various ways to mitigate (e.g. grsec, MAC, etc.)grsec is mostly dead (closed off to normal users), right?OpenBSD is the best, or show your profs, glower.OpenBSD uses unvail / pledge, in place similar to grsec-RBAC.I think openbsd might benefit from adapting things such as namespaces, firejail/bubblewrap, though their approach is different. I think best would be to have OpenBSD instances as separate containers.Perhaps inside of microkernel, not SeL4 per se, but SculptureOS+NOVA.
>>108798079Uhh no, it cannot escape the browser sandbox unless you have a malicious extension.Web browsers block copy_file_range() via seccomp most of the time, so you would pretty much need to install a malicious extension or something like that.
>>108798079>fwupd to install malware on your motherboard.I modified my motherboard to disable flashing from software. It's technically impossible because the voltage cannot be set high enough to write the EEPROM any longer (without a physical switch)
>>108798450If it did, Firefox wouldn't work for me, because only 1 service at a time can listen to a port and I have something listening to both.Firefox works fine.
Torvalds just did the CopyFail exploit, after the AI security tools found a Root exploit inside the Linux kernel source code by Theori
>>108798079>postfail
>>108798691>grsec is mostly dead (closed off to normal users), right?Yes. Older versions are still available, but newer ones are closed source and thus not worth using.>OpenBSD is the best, or show your profs, glower.is u srsevery time even a student has a look over the weekend they find 30 year old remote code executions and privilege escalation issues, and since theo the rat refuses to use MAC and other approaches as an additional line of defense, unlike in linux where in practice even exploits like in OP are not actually possible to exploit, you are hosed as soon as the slightest issue comes up. The strategy on the openplacebo side is merely to pretend that bugs don't need CVEs and don't count as exploits except if it is exclusively a direct unattended unprivileged remote code execution in a ports package.There is no extended access control, no capabilities access control, all 'security' measures are either audits (but that only applies to the installed system, nothing else is audited and the openbsd devs disclaim any responsibility for vulnerability in anything you install even through official means, so as soon as you need to do something useful with openbsd it's automatically open season because again, no isolation at all anywhere), all security is either 'trust me bro I checked the code oh oops I missed this and this and this but it won't happen again bro trust me' or 'it's the package's fault for not implementing the special snowflake code we said should be used haha'.Some assorted material:https://isopenbsdsecu.re/pdf/slides.pdf (and https://www.youtube.com/watch?v=3E9ga-CylWQ )https://www.youtube.com/watch?v=rRg2vuwF1hY (props to openbsd's response, no props for the vulns being there in the first place and again remember: vulns in other OSs may be useless because of mitigs. THERE ARE NO MITIGS IN OPENBSDLAND).
>>108798103Truth. Windows is the popup/ad OS. You tend to forget how bad it really is if you spend some time away from it, but then you go back to it and it just can't stay the hell out of your way.
>>108798295You'd have to pwn their browser with some JavaScript or CSS exploit first. Break out of the browser's sandbox with another exploit. Way harder. Then you could run your kernel exploit. This is not a real problem.
CopyFail is one of the AI meme bugs that require every single security feature disabled to work. You're going to start seeing a huge amount of these.
Unix was made in the 70s.Deprecated by its own authors in the 80s.Reimplemented by Linus in the 90s even after people from Bell and Andy told him to do something better.The only reason people used it was because it was free, not because it was a good design nor implementation. And here we are 50 years later.
>>108799607Basically the same dynamics that made unix relevant at all -- it was given for free to unis so uni kids would learn this and go off in the workplace and create unix companies, and companies would use unix to have an easier time recruiting.In software, distribution and marketing has always trumped quality when it comes to adoption unfortunately. It also happens that the best advertised/distributed software is typically that of lower quality (likely because there isn't enough time in a day to do all the things well so it's a tradeoff of priorities).
The security spaghetti on my bespoke Gentoo using only hardened profile & an artisan crafted KConfig cripple my PC so extensively it's practically impossible to do anything but play gnujump, lurk 4chan or browse hitomi.
>>108798079Your browser just runs random python it receives on port 80?
>>108798079>All they have to do is work out your IP address and then send the script to port 80 or port 443 on your machine. If your browser was running at that moment, they are now connected to your machine through your browser and they are rootlol. lmao even. Why is everyone who makes threads about CVEs clinically retarded?
>>108799607Yeah if BSD hadn't been stuck in court, or GNU had a working kernel, not many ppl would have contributed to Linux..
>>108799527it does matter, but also doesn't. this can be used to shake down browser security even more. however, its already completely fucking pozzed forwards and backwards so theres no real situation where this makes the internet worse its already in death spiral.
>>108798256>jeetdows is totally better>yeah i know nobody can even find the unintentional AND intentional exploits there because the code aint public but TRUST ME BRO
>>108798079>oh no, a kernel module I don't even use has a security flaw>disable the module with a single terminal commandLiteral nothing burger.
>>108805464>>oh no, a kernel module I don't even usebut the exploit uses it, the problem was it was turned on by default almost everywhere
