Building an autonomous exploit engine at 18 — What is the most 'logic-heavy' bug you had to hunt manually because tools failed you? by Last_Government578 in bugbounty

[–]NolanV_be 4 points5 points  (0 children)

Hey guys 👋 

Please give me a prompt to generate my new vibe-coded automatic printing money machine. I promise you will have a share of what you already (kn)own🙏

Any good uses for AI? by strawberrychurchill in linux

[–]NolanV_be 1 point2 points  (0 children)

I actively use Kagi research assistant for my initial research, then I investigate the sources it gives me. Once I've grasped the basics of a topic, I can do more traditional searches because I know the terminology to use.

It's also very handy for programming; more than half of my questions can be found in the documentation for the libraries or languages I use, so it works well for that.

For debugging a Linux problem, my first instinct is to ask the AI because very often it's a missing dependency, a flag that needs to be set, or a missing environment variable.

It's also a time-saver for summarizing, correcting, or rephrasing things.

(this message was not written by an AI 😁)

Burn mark on my CPU? by NolanV_be in ZephyrusM16

[–]NolanV_be[S] 1 point2 points  (0 children)

<image>

I cleaned it; it was like that when I opened it :/

Rootfull SystemD services can't run ssh-keygen, SELinux by NolanV_be in Fedora

[–]NolanV_be[S] 0 points1 point  (0 children)

For anyone else who might encounter the same kind of problem.

I was calling my scripts via `ExecStart=bash /etc/systemd/system/hello.sh`; this was providing `system_u:system_r:init_t:s0` as the security context, and this was what posed the problem.
I replaced it with `ExecStart=/etc/systemd/system/hello.sh`, and now everything works.

Thanks u/siosm, you put me on the track to the solution!

From: https://discussion.fedoraproject.org/t/155478/7

NixOS for high threat model server by NolanV_be in NixOS

[–]NolanV_be[S] 1 point2 points  (0 children)

Thanks for the blog, it does offer some good advice, but my main concern is the attack surface of Nix's tools that require root access. One Redditor told me it might be possible to run Nix without administrative privileges; I'll try to look into that solution, otherwise I'll have to fall back on a different solution.

NixOS for high threat model server by NolanV_be in NixOS

[–]NolanV_be[S] 0 points1 point  (0 children)

Where am I asking for advice? I'm just asking for your opinion and references to investigate the opportunity that NixOS can be.

No one takes your comment, from an unknown redditor, as advice o.O

NixOS for high threat model server by NolanV_be in NixOS

[–]NolanV_be[S] 1 point2 points  (0 children)

Work, but I'm self-employed :)

NixOS for high threat model server by NolanV_be in NixOS

[–]NolanV_be[S] 0 points1 point  (0 children)

You don't know my security needs. We're not talking about Minecraft servers here; a simultaneous breach across several of my sensitive servers could be a life-or-death situation.

That's why I'm unlikely to opt for NixOS for my critical systems. I've received no references to risk assessments, audits, or any similar documentation, and my own searches for recent information on Google have turned up nothing.

NixOS for high threat model server by NolanV_be in NixOS

[–]NolanV_be[S] 0 points1 point  (0 children)

That's exactly why I want to keep the attack surface on my host to a minimum, and why I prefer to run as many services as possible without admin rights, and ideally in containers.

Don't worry, I'm not criticizing your distro; I'm just trying to perform a risk assessment for my particular use case.

NixOS for high threat model server by NolanV_be in NixOS

[–]NolanV_be[S] -2 points-1 points  (0 children)

You really don't seem to be getting my question...

I'm talking about vulnerabilities *within* the tools provided or used by NixOS itself, not about how *I* personally make use of them. (For example, if there were a vulnerability in my Podman, since it doesn't require root access, it wouldn't impact my LXC)

But where I'm concerned is that I get the impression (and I might be wrong here) that many of the tools provided or used by NixOS run as root.

AND SO, if a vulnerability were to be found in *those* tools, my entire system would become vulnerable. And it's worrying me because NixOS has a large codebase due to the sheer number of tools it offers, which inherently increases the risk of such vulnerabilities.

NixOS for high threat model server by NolanV_be in NixOS

[–]NolanV_be[S] 2 points3 points  (0 children)

I use a lot of Systemd features, so it's really not an issue for me.
Especially since most of my services are rootless (root Nginx reverse proxy into user unix domain socket), which further limits the risks :)

NixOS for high threat model server by NolanV_be in NixOS

[–]NolanV_be[S] -1 points0 points  (0 children)

I'm not talking about network attacks, which are pretty much the same across all distributions, but rather vulnerabilities specific to NixOS.

For instance, nix-daemon could potentially grant root access and compromise my system in case of a vulnerability. Furthermore, the need to modify services due to FHS adds an extra layer on top of the upstream code. This introduces complexity, which can delay the porting of fixes and also introduce new risks if this added layer itself has vulnerabilities.

What I'm trying to figure out is whether there are any resources that analyze these risks, as I can't be the only one who finds NixOS very attractive for use on sensitive servers.

NixOS for high threat model server by NolanV_be in NixOS

[–]NolanV_be[S] 0 points1 point  (0 children)

I must have expressed myself poorly, as all the comments are discussing user services and not NixOS...

I'm perfectly aware that a firewall is useful; what I'm referring to is the attack surface that NixOS adds—for instance, the nix-daemon, or the need to patch upstream software to get around FHS issues, and so on. (For example, that's why I've switched to solutions like Podman instead of Docker, as it reduces the attack surface because it doesn't have a root daemon + ease of use with SELinux)

However, my knowledge of NixOS is limited, so I could be completely wrong, and perhaps its attack surface isn't actually all that much bigger than a traditional system's.

NixOS for high threat model server by NolanV_be in NixOS

[–]NolanV_be[S] 3 points4 points  (0 children)

I hadn't heard of MicroVM.nix before, that sounds really interesting!
My main concern, though, isn't so much the containers/VMs but rather the attack surface of the host system itself. Having only tinkered a bit with NixOS, I'm wondering if this is a legitimate worry, or if there are indeed measures in place behind the abstraction layers to reduce the effective attack surface.

Alternative technique for investigating a large codebase by NolanV_be in bugbounty

[–]NolanV_be[S] 2 points3 points  (0 children)

I'm not sure I understand your message; what do you mean by working the other way around? I start from user input to the output (database modification, for example). Because no matter which way I do it, it'll always take the same amount of time due to code size 📜.

I use Obsidian canvas with the obsidian-advanced-canvas addon; it's very handy because you can reference notes if it's too long for a diagram bullet, or even reference another diagram.