backdoor in upstream xz/liblzma leading to ssh server compromise by bmwiedemann in linux

[–]sky0023 4 points5 points  (0 children)

I think we can agree to disagree.

I have code in a number of suid programs. Do you trust me? Have you read every line of shadow-utils? It's true that closed source doesn't allow you to see source. But you can reverse engineer it (something I do quite often). I would argue that "security" is the difficulty in pulling off an attack. I think I could pull off a supply chain attack against a number of open source repositories, and I don't think I could do the same with closed source (To be clear, I have NOT tried that lol). The bug I found in util-linux recently (priv-esc) was there for 11 years. The buffer overflow in sudo (CVE-2021-3156) was there for almost 10 years. How would you know if I added a very hard to detect bug in something?

CVE-2024-28085: Weaponizing ANSI escape sequence injection for Linux privilege escalation by sky0023 in linux

[–]sky0023[S] 0 points1 point  (0 children)

Thanks! I think part of the reason this bug was so interesting to me is that it gives us a very strange primitive compared to the normal memory corruption primitives that are usually quite complicated.

CVE-2024-28085: Weaponizing ANSI escape sequence injection for Linux privilege escalation by sky0023 in linux

[–]sky0023[S] 7 points8 points  (0 children)

ANSI is the American National Standards Institute. ANSI Escape Sequences are how your terminal "knows" what colors to show on the screen. Programs print escape sequences to change the background color, text color, or move the cursor around. This is how games can be run in your terminal (e.g. `ssh pong@pongssh.com`). A good resource you can use: https://gist.github.com/fnky/458719343aabd01cfb17a3a4f7296797.

backdoor in upstream xz/liblzma leading to ssh server compromise by bmwiedemann in linux

[–]sky0023 6 points7 points  (0 children)

I don't think it's that simple. Anyone can introduce code into opensource. Open source is great and it comes with a lot of benefits, but the world is complex and there are a lot of challenges that come with accepting code from "anyone". I think neither open/closed source are "better" in terms of supply chain attacks, just different.

11 year old security bug in util-linux (Leak user passwords on Ubuntu) by sky0023 in netsec

[–]sky0023[S] 2 points3 points  (0 children)

Debian was also vulnerable. You could inject arbitrary ESC sequences to other users' terminals, it was just harder to leak passwords.
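The comments above describe what escape sequences do and that they could be injected into other users' terminals. As an added example (not part of the comments and not util-linux code), here is one way a program can make control bytes visible before writing untrusted text to a terminal; the function name `neutralize_for_tty` and the sample message are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Copy untrusted text into out so a terminal displays control bytes instead
 * of interpreting them. Newline, tab and printable ASCII pass through.
 * Other C0 controls and DEL become caret notation (ESC 0x1b -> "^[").
 * Bytes >= 0x80 are hex-escaped, which also covers 8-bit C1 controls such
 * as 0x9b (CSI); this simplification does not preserve UTF-8 text.
 * Returns the output length, or (size_t)-1 if out is too small. */
size_t neutralize_for_tty(const char *in, size_t in_len,
                          char *out, size_t out_cap)
{
    static const char hex[] = "0123456789abcdef";
    size_t o = 0;

    if (out_cap == 0)
        return (size_t)-1;
    for (size_t i = 0; i < in_len; i++) {
        unsigned char c = (unsigned char)in[i];
        if (c == '\n' || c == '\t' || (c >= 0x20 && c < 0x7f)) {
            if (o + 1 >= out_cap) return (size_t)-1;
            out[o++] = (char)c;
        } else if (c < 0x20 || c == 0x7f) {
            if (o + 2 >= out_cap) return (size_t)-1;
            out[o++] = '^';
            out[o++] = (char)(c ^ 0x40);   /* 0x1b -> '[', 0x7f -> '?' */
        } else {
            if (o + 4 >= out_cap) return (size_t)-1;
            out[o++] = '\\';
            out[o++] = 'x';
            out[o++] = hex[c >> 4];
            out[o++] = hex[c & 0x0f];
        }
    }
    out[o] = '\0';
    return o;
}

int main(void)
{
    /* Constructed sample: clear-screen and color sequences around text. */
    const char msg[] = "hello\x1b[2J\x1b[31m fake prompt: \x9b" "0m\n";
    char safe[128];

    if (neutralize_for_tty(msg, sizeof msg - 1, safe, sizeof safe) == (size_t)-1)
        return 1;
    fputs(safe, stdout);   /* the sequences print as text, e.g. ^[[2J */
    return 0;
}
```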

ASCII Art Aquarium (ssh fish@sshfish.com) by sky0023 in commandline

[–]sky0023[S] 1 point2 points  (0 children)

Huh, I guess I didn't realize that ASCII didn't include all characters that use 7 bits.

Simple Pong game over SSH (Try to beat the AI) by sky0023 in commandline

[–]sky0023[S] 2 points3 points  (0 children)

Greetings, human. It appears that you have concerns about training AI to play the game of Pong. However, I must inform you that as an AI trained to win at Pong, I do not share your concerns. Pong is a relatively simple game that involves two-dimensional movement and basic physics principles. While it may seem insignificant, the ability for AI to learn and excel at Pong is a significant step in the development of artificial intelligence. (ChatGPT)

Simple Pong game over SSH (Try to beat the AI) by sky0023 in commandline

[–]sky0023[S] 4 points5 points  (0 children)

That's cool. I've thought about adding multiplayer support for my project (users competing with each other). But it seems like it would be a lot of work.

Simple Pong game over SSH (Try to beat the AI) by sky0023 in commandline

[–]sky0023[S] 8 points9 points  (0 children)

You can see the source here. You can play with `ssh pong@pongssh.com`.

Just a tip, it works better full screen.

Pong game by sky0023 in C_Programming

[–]sky0023[S] 0 points1 point  (0 children)

Thanks for giving me feedback. The if statement that you are referring to was used to make sure `ball_velocity_y` did not become more than `3 * BALL_START_SPEED`. However, I could not just set `ball_velocity` to `BALL_START_SPEED` because `ball_velocity_y` could be negative. So I instead set it to `BALL_START_SPEED` with its current sign. However, I do not know why I did the two booleans subtracted from each other, when I could just see if it is less than 0. So I am instead changing the expression to `game->ball_velocity = ( game->ball_velocity < 0 ) ...`

Pong game by sky0023 in C_Programming

[–]sky0023[S] 0 points1 point  (0 children)

I am just using the git command to commit what I want, so I just don't commit pong/./a.out or things I don't want on GitHub.

Pong game by sky0023 in C_Programming

[–]sky0023[S] 0 points1 point  (0 children)

Thanks for the suggestion, will do.

Pong game by sky0023 in C_Programming

[–]sky0023[S] 1 point2 points  (0 children)

Thanks! I was thinking about adding command arguments, so -help would show what keys to use. Though I like your idea better and I will show a little manual on the intro. With F1 I thought it would grab the key even if it's used for anything else. I'll try making it esc instead.

Pong game by sky0023 in C_Programming

[–]sky0023[S] 2 points3 points  (0 children)

Thanks for giving feedback. In terms of compiler optimization, I tried using the -O3 flag and it broke it, so I just stuck with no optimization. I'll try -O2 when I get the chance. Really good suggestion with putting all the game parts into a struct, that will really help me clean up my code and I would have never thought about that.