📢 Descriptions of the GNU #Hurd vulnerabilities I've found earlier this year are now public! 🎉
Read them here: https://lists.gnu.org/archive/html/bug-hurd/2021-11/msg00018.html This should be an interesting read even if you're not very familiar with the Hurd and #Mach 🙂
(phew, it took me quite some time to write, too!)
@rysiek if you haven't updated your VM in a while, you could even try out the exploits for yourself :)
@bugaevc seriously though, good to see progress on Hurd. Thank you for your work!
@bugaevc thx for the work!
@bugaevc I don't know the first thing about microkernels, and can't tell Hurd from March, but this was a fairly approachable read! Thank you for all those "background" sections; just enough detail to understand, in general, what you're even talking about :)
@bugaevc Hurd is active? :O
@peter it is, though the pace is slow. Some recent commits to the Hurd proper can be seen here: https://git.savannah.gnu.org/cgit/hurd/hurd.git/log/ and there's also GNU Mach, glibc, and various other repos
@bugaevc wow, is there a preferred distro for testing?
@bugaevc congratulations! It's sweet to get new CVEs to one's name 🙇
These vulnerabilities have been assigned CVE-2021-43412, CVE-2021-43413, CVE-2021-43411, CVE-2021-43414
(Thanks to Amos Jeffries for requesting the CVEs!)