Slashdot Mirror


User: ArsenneLupin

ArsenneLupin's activity in the archive.

Stories: 0
Comments: 4,557

Comments · 4,557

  1. Re:"competing freeware program" on RealNetworks Sues Dutch Webmaster Over Hyperlink To Freeware · · Score: 1

    Blame US laws, not RealNetworks.

    Why should US laws apply to the Netherlands?

  2. Re:nginx has its problems, too. on Apache Warns Web Server Admins of DoS Attack Tool · · Score: 2

    Can't someone who pulls off a privilege escalation escape the chroot?

    Yes, he can. Basically, the trick is to do another chroot to a subdirectory, but without doing the chdir. So now the attacker is in a situation where the current directory is above the root. Here he can keep doing chdir(".."); until he reaches the real root, and then all he needs to do is chroot(".");.

    What's worse, this exploit is due to the way chroot is spec'ed, thus it can't really be fixed by the kernel.

    So yes, you can escape a chroot jail if you've got root. However, the point of the chroot jail is to prevent attackers from gaining root in the first place, by confining them to a minimal and more controllable environment which has no spare crowbars lying around.

    Moreover, other confinements, such as BSD jails, containers or zones may not have the problem outlined above.

  3. Fuck you shima is so yesterday.. on Fukushima Robot Operator Tells His Story · · Score: 0

    ... today is North Anna, Virginia

  4. Re:I hate kids like this! on 13-Year-Old Uses Fibonacci Sequence For Solar Power Breakthrough · · Score: 1

    wooosh!

  5. Re:I'm confused on Apple Patents Cutting 3.5mm Jack in Half · · Score: 1

    ... and without a credit card, you'll have trouble attracting jacks to your plug...

  6. Re:Why not 100% wireless? on Apple Patents Cutting 3.5mm Jack in Half · · Score: 1

    Does this mean that he is a jack rather than a plug?

  7. Re:I'm confused on Apple Patents Cutting 3.5mm Jack in Half · · Score: 1

    you hit the nail on the head: with Apple, looks are everything. Function is only an accessory.

  8. Re:I'm confused on Apple Patents Cutting 3.5mm Jack in Half · · Score: 1

    And I'm going to put this exposed, surface mount, powerful magnet in my pocket with all the other flotsam? I don't think so.

    Why? Are you concerned that it will attract your jack, errr, sorry, plug?

  9. Re:I'm confused on Apple Patents Cutting 3.5mm Jack in Half · · Score: 1

    So, it would be more correct to say "plugging off"?

  10. Re:I'm confused on Apple Patents Cutting 3.5mm Jack in Half · · Score: 1

    A "jack" is a female fitting.

    So, where does the phrase "jacking off" come from?

  11. Re:Or... on Moon Younger Than Previously Thought · · Score: 1

    God just made it that way. He makes moons however he wants.

    Exactly. So why do religious fundamentalists think it's wrong to shoot a rocket at these moons? After all, God himself made the moons such that they want a rocket!

  12. Re:It's a crime to attempt a crime, or incite othe on UK Men Get 4 Years For Trying to Incite Riots Via Facebook · · Score: 1

    just planning a crime isn't a crime everywhere though.

    And that's a good thing too. We don't really want to condemn murder mystery authors doing research for a book that they are writing.

    Or firemen having an exercise of how to react to a bombing (some amount of planning must have preceded the fake bombing to make it realistic enough for the exercise).

  13. Re:This is ridiculous on Hackers Get Their Own Scoreboard and Rankings · · Score: 1

    Not that I hack, but I've had friends who were very good hackers that wouldn't tell me ANYTHING they had done.

    So, how do you know?

  14. Re:I hope they throw the book at him on Fired Techie Created Virtual Chaos At Pharma Co. · · Score: 1

    There are no circumstances in which doing the equivalent of burning down your former place of employment is a legitimate move in a dispute.

    Yes, burning down your place of employment should only be done in context of insurance fraud, or to help them save costs of properly disposing of dangerous goods. But never for petty revenge!

  15. Re:One by one? on Fired Techie Created Virtual Chaos At Pharma Co. · · Score: 1

    I initially read this as "Never plug this in!", would have been more funny that way. Indeed if someone did plug it in (and someone would... idiots are everywhere...), Mr Cornish would have been able to share his punishment with whomever disregarded this clear instruction...

  16. Re:earthquake aftershock prediction? on Santa Cruz Tests Predictive Policing Program · · Score: 1

    ... and more importantly, how can a simulation intended for a physical phenomenon be applied to a social phenomenon governed by entirely different mechanisms?

  17. Re:Make CA's more liable on Can We Fix SSL Certification? · · Score: 1

    A CA is an insurance company, and should be regulated as such.

    This might work when you can put a clear price-tag on a breach, but this is rarely the case.

    Just imagine the Syrian government eavesdropping on a protester's private facebook communications via a forged certificate, and using the intelligence gained to arrest and torture the protester. How could any money paid by an "insurance" compensate for this?

  18. Re:Bzzzt on Can We Fix SSL Certification? · · Score: 1

    No CA...show my id

    And guess who issued that id? A trusted third party, namely the government.

  19. Re:No on Can We Fix SSL Certification? · · Score: 1

    Does it? A botnet that gains access to a WoT (due to one person being a moron) can easily change that -- suddenly 90% of your friend's friends

    This could be addressed by the WoT software making sure that most paths of trust are independent from each other, i.e. don't pass all through the same person.

    say that cheap-rolex.in is a trustworthy site

    ... and this is the real danger! That almost nobody understands what the system is for, and issues certificates willy-nilly because they don't understand what they are for. And as misunderstanding about this whole CA and WoT business is rampant, you may indeed have more than one person who issues me an id card with Richard Stallman's name on it but my photo, simply because they think RMS is a trustworthy chap...

  20. Re:No on Can We Fix SSL Certification? · · Score: 2

    Just ask everybody you trust today whether they've ever visited diamonds-usa.com and think it's a trustworthy site.

    ... and thus making useless to them any sites that you visited.

    Congrats, you just proved brilliantly why a "web" of trust can't be trusted, even if it's only one hop "deep". Yes, I am aware that is actually the point you are trying to make, but you probably didn't intend to make it in this way...

    You may trust your friends' integrity and honesty, but you'd better not trust their knowledge about what a certificate actually means.

  21. Re:Can't they moderate their own wall? on Drug Companies Lose Special Protection On Facebook · · Score: 1

    Dead people don't go to job interviews

  22. Re:Obligatory DHMO comment on Drug Companies Lose Special Protection On Facebook · · Score: 1

    Quick, mod this interesting!

  23. Re:And the sad part is... on Driver Using Two Cell Phones Gets Year-Long Driving Ban · · Score: 1

    Do you think the cost of preventing drunk driving also exceeds the safety benefits?

    Yes.

    (Apart from it not being a "cost" for the state... Indeed, in both cases, the fines actually bring in revenue, rather than being costs...)

  24. Re:Diving with your knees is not dangerous on Driver Using Two Cell Phones Gets Year-Long Driving Ban · · Score: 1

    Just be sure to keep your knees together...

  25. If he didn't use his knees to steer... on Driver Using Two Cell Phones Gets Year-Long Driving Ban · · Score: 1

    ... then what body part did he use?