Just like in the movies, thumb drives are enabled and auto-magically work in all banking hardware/workstations I assume...
At least, they seem to have a non real-time system that reports "incidents" months later.
I have seen places where, not only can't you access anything from a thumb drive, but security guards auto-magically appear at your desk if you try to plug one in.
Actually, you can give access to what you want, /dev, /proc, /sys... or not as you wish. Letting anything run as root in a chroot when using it as a mild isolation technique is a big no-no and has always been.
chroot can still be used as a mild isolation technique if you know what you are doing. That's why I mentioned that privilege escalation can happen even in VMs.
Damn, I remember back in the days, logging in a system as guest and getting root in 30 seconds with an xterm exploit. Privilege escalation is the name of the game.
Hmm, chroot needs to include its own OS or at least the parts you need to run said chrooted process unless compiled statically and still. This would make it more than sandbox lite according to your definition.
chroot is viewed as less secure than bsd jails because it wasn't designed for a security purpose in the first place.
I have a slackware pure 64 bits, no compat 32 whatsoever. I chroot to a 32 bits full install and everything runs smoothly for legacy 32 bits apps.
Granted, only one kernel runs, 1 /sys /proc, etc., which is "less isolated" than a qemu vm but lets you run on bare metal for specific applications.
Anyway, even VMs can be victims of privilege escalation. BSD jail is less subject to it than chroot I hear. Good old unix chroot still has its usage nevertheless IMHO.
Increasingly systems like Comcast X1 are delivering live linear streams as IP - just IP that never needs to suffer the packet loss and jitter of the open Internet.
Most cable co do this now. Mine has even dropped support for analog signal over cable. OK, that pissed me off because there is no way to just hook up a splitter/booster and have TV in all rooms by yourself anymore. I now need a device for each TV and the devices receive the signal through IP even if you don't subscribe to Internet services with them.
They typically use LAN IPs (usually 10.0.0.0/8) to route traffic even for Internet subscribers. You just don't usually see it but I noticed the dhcpd giving me my Internet public address all have 10.0.0.0/8 addresses and I needed to allow communication with them since I usually block that traffic.
I also worked for some cable co doing provisioning software and such. Each Internet cable modem has at least 2 IP addresses, one 10.0.0.0/8 and a public IP. They route to your public IP through the 10.0.0.0/8 address.
route add (publicIP) gw (10.0.0.0/8 address) for the Internet access.
The TV devices are plugged in before the cable modem so they have direct access to the internal cable co LAN without going through the cable modem. Each TV device has its own MAC address and 10.0.0.0/8 IP. Easy enough to know what you are watching isn't it?
By the way, cable co that offer phone also do it through IP (VOIP) and you don't notice unless you try to use an old fax machine and even then...
In the end, the cable network has become just an IP network over DOCSIS.
No problems here, I run my own DNS and flush the cache at will if needed to query the root server and then authoritative server etc. Handy for testing sometimes when moving domains. Once the customer domain moved and the tests are conclusive, it happens that I have to tell the customer that his previous provider should have set the TTL lower than 3 weeks so people using their provider DNS could see the site a little earlier ;-)
I usually set TTL from 10 minutes (dyndns) to 6 hours depending on the domain to make moving easier.
Since then I've seen a number of accounting systems that allow all sorts of monkeying around, including posting adjusting entries for a fiscal year within that fiscal year, even though you may be a couple of months into the current fiscal year. It seems common practice now, but a quarter of a century ago that was viewed as completely inappropriate, as it opened the door for fraud.
Thanks for updating me to 2016, amazing!
Of course, as another poster has mentioned, it is always possible to restore from backup or whatever to fool the system around but the only thing I knew about was what I described first.
Are you sure you can read?
OP asked:
"Was this a unix-linux level bug?"
Can't you notice the "linux" in there?
And... linux has got nothing to do with it. Linux is not BSD it is minix.
https://en.wikipedia.org/wiki/...
How many dollars is 12 O $ in decimal numeric format?
Because with O (m,n,o...), it would mean maybe base 25 and 12O (base 25) is an awful amount of money ;-)
I am glad you looked at the link I provided. Congratulations!
OSX and iOS are based on NeXTSTEP:
http://arstechnica.com/apple/2...
https://en.wikipedia.org/wiki/...
Back on topic; Project Zero went the ethical way.
You mean only AFTER Apple BEGGED them, don't you?
Who knows what really went on behind the scenes. But still; Project Zero went the ethical way whatever the reason.
Depends what "government bureau". You might be right for this specific "government bureau" but some others, although seldom, don't F.A.
Breaking news!
Reports state that Vladislav Surkov has been seen en route to Siberia.
Great!
What is the "PlayStation" ?
Is it an advanced Walkman ?
Does it also have video capabilities?
How is *BSD dead when it runs the PS3 and PS4 ???
Pretty amazing! I don't have PS3 on linux...
~/tmp$ set | grep PS
GROUPS=()
PS1='\[\e]0;\u@\h: \w\a\]${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
PS2='> '
PS4='+ '
~/tmp$
OR... it's the prudent and reasonable duty of every government to try and foresee any sort of societal trouble (at home and abroad).
Ok, but how much (percentage appreciated) do you believe TFS to be true?
Elon had already done so...
http://www.telegraph.co.uk/tec...
Actually, our algorithm is pretty simple, it only looks for people wearing masks or hoods while keeping their face down.
Our monitoring software is guaranteed to work up to quadruplets, in section 34.7.
Sperm bank is an app, Free TV app, enough with apps already.
Seriously, I don't understand what TFS is about!
Anybody remember the TV ad song? It just came through my mind, it went like:
"I adore my sixty-four, my Commodore sixty-four"
Heck, I just googled for it:
https://www.youtube.com/watch?...
And you are off by 24.
I read: we require a backdoor into everything...
Come on, ledgers are never edited, correction transactions are written when a mistake happens.
Good, my 18th birthday was in May 2013 so I have never watched porn before that.
Don't know about Carlos but Rodney Dangerfield seems real:
https://en.wikipedia.org/wiki/...