May 2018 Archives
Thu May 31 16:18:27 EEST 2018
joke 2018-05-31
What is your sexual fantasy? He dies during sex and leaves me $150M USD
Mon May 28 13:55:32 EEST 2018
Stories from the past: the qmail-smtpd on freebsd exploit
The qmail-smtpd exploit on FreeBSD is probably the most braggable of my exploits. The advisory is at [1] and is rather short. Don't remember if it is so because of "if it was hard to write, it must be hard to understand". I don't like this exploit much, the *BSD kernel stuff is better IMHO.

The provably exploitable part of the advisory is:

---
char *p;
int i; /*XXX signed int*/
...
p[i]=0;
---

In case $i$ is negative, this is an out of bounds write. It is not an integer overflow, more like memory corruption.

The process of discovery was rational [^2] dirty labour:

1. analyze
2. test
3. in case of failure (almost surely it fails) repeat
4. return SUCCESS

The process took _long_. Temporarily gave up several times, until I pressed the lucky keys.

Exploitability required about 20GB of virtual memory. djb basically replied: "This is not a bug, this is a feature. Nobody gives so much virtual memory to qmail".

The strongest counterclaims to djb's answer are:

1. The installation instructions don't mention limits
2. In the future libc alone can become larger than the limits

[1] http://www.guninski.com/where_do_you_want_billg_to_go_today_4.html

[^2]: in math irrational and transcendental stuff are more interesting than rational stuff.
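Added example (not the advisory's or qmail's code): the signed-index write p[i]=0 quoted above, beside a checked replacement that refuses negative and out-of-range indices. The helpers last_index, strip_last and run_cases are constructed for this illustration; the "length minus one in an int" source of a negative index is an assumption, not the qmail root cause.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed example (not qmail's source): the advisory's p[i]=0 pattern is
 * a signed int index used through a char pointer with no check that it is
 * non-negative and inside the allocation. A negative i writes before the
 * buffer: memory corruption, not a wrap in the arithmetic itself. */

/* Hardened replacement for "p[i] = 0": refuse negative and out-of-range
 * indices instead of writing. Returns 1 if written, 0 if rejected. */
int checked_put_nul(char *p, size_t len, int i) {
    if (p == NULL || len == 0) return 0;
    if (i < 0) return 0;             /* would write before p[0] */
    if ((size_t)i >= len) return 0;  /* would write at or past the end */
    p[i] = 0;
    return 1;
}

/* Hypothetical helper showing one way such an index goes negative: "index of
 * the last byte" computed as length - 1 in a signed int is -1 for "". */
int last_index(const char *s) {
    return (int)strlen(s) - 1;   /* XXX signed int */
}

/* Strips the trailing byte of s in place via the checked write.
 * Returns 1 on success, 0 if the computed index was rejected. */
int strip_last(char *s, size_t cap) {
    return checked_put_nul(s, cap, last_index(s));
}

/* Runs constructed cases; returns how many writes the check rejected. */
int run_cases(void) {
    char ok[8] = "abc:";
    char empty[8] = "";
    char small[4] = "xyz";
    int rejected = 0;
    rejected += !strip_last(ok, sizeof ok);                /* "abc:" -> "abc" */
    rejected += !strip_last(empty, sizeof empty);          /* i == -1, rejected */
    rejected += !checked_put_nul(small, sizeof small, 4);  /* past the end */
    rejected += !checked_put_nul(small, sizeof small, -5); /* negative */
    return rejected;                                       /* 3 */
}

int main(void) {
    printf("rejected writes: %d\n", run_cases());
    return 0;
}
```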
Tue May 15 14:41:04 EEST 2018
Open letter to HRs
Hi HR,

You are a proxy recruiter, right? Assuming so, I appear to be the "product". Here is a brief summary of the product:

I was active in security in the period 1997-2007, mainly disclosing my 0days. Per my estimate I was in the top 3% overall of the public hacking scene (this might be far off in both directions). During roughly this time I was a Netscape/Mozilla independent security consultant, mainly pre-0days and advice for the Firefox browser. Then I went on a vacation, mainly enjoying life and doing experimental mathematics as a hobby. I am considering a return to the IT stuff.

Some of the things I DO NOT do currently:

1. 0days (AKA security bug hunting)
2. working with products of Microsoft (don't like MS).
3. relocation from Sofia, Bulgaria (it is in the EU).

Some of the things I would like to do (not all applicable for you):

1. Experimental mathematics/data analysis
2. Software quality assurance (QA)
3. Hardening systems
4. Privacy research
5. Some security research without 0days
6. Possibly software development
7. Possibly security consulting

In all non-trivial stuff I have done I am self-taught, education didn't help much.

CV: http://j.ludost.net/resumegg.pdf

Georgi Guninski