🎉 We made it! 🎉
A lot of work went into making this possible 😀
It's very satisfying to see all my exploits fail — and not just in my experimental subhurd, but on the host, running upstream Debian binaries. They just... no longer work, can you believe it?
(That being said, there still are some unpatched vulnerabilities in the Hurd — but there's a lot less of them now.)
Check out these threads:
P.S. Yes, I know of more yet-unfixed vulnerabilities, and have written some more exploits. Don't let me anywhere near your Hurd boxes :)
I hope you will publish and get your CVE, good job!
I'd like to know a bit about your workflow in a high level perspective, if I don't bother you
I suppose you virtualized the OS and then did you use static o dynamic analysis?
I'm trying to learn and shift from userland to kernel space exploitation
Yes, my Debian GNU/Hurd installation lives inside qemu/libvirt. No, I didn't use any smart analysis tools: I just browsed the source code and saw things that could go wrong, then wrote exploits for them. It's that simple :)
This Mastodon instance is for people interested in technology. Discussions aren't limited to technology, because tech folks shouldn't be limited to technology either!