A while ago I posted about how sudo can be easily backdoored by dropping a fake
sudo script into the user's PATH:

Another attack vector for sudo is monitoring the process list for invocations of

Charles Proxy is a great Mac application for debugging web services and
inspecting SSL traffic for any application on your machine.

In order to inspect the SSL traffic it needs to configure the system to use a
proxy so that it can capture the packets and use its custom root CA to decode

4 May 2018 07:38 | apple

Somebody started a petition asking Apple to recall the 2016 (and presumably
2017, since they're basically the same) MacBook Pros and fit them with a
keyboard "that works":

Another HashiCorp bug that I've been sitting on since late last year. This one
was exploitable only during the Vagrant plugin update process, including when the
user typed "vagrant plugin update" and there was no pending update.

It was possible for a rogue process on the system to subvert the upgrade process,
in a way the user was unlikely to notice, in order to steal root privileges.

Another exploit for the now deprecated vagrant-vmware-fusion plugin. This one
only works if VMware Fusion is not installed, which is an unlikely scenario.
However, if this should occur then it's an easy root escalation, so users should

This issue was reported to HashiCorp on 16/11/17. At first they claimed it was
low priority because it required local access, despite being a straight-to-root
escalation. Then they conceded that this wasn't reasonable and said it was high
priority and that they would address it.

It has taken until this week to get their fixes out, involving an entire rewrite

I have released three cryptocurrency mining projects:

- Fanotaur: independently monitors Nvidia card temperatures and regulates fan
  speeds to keep them at a preset temperature.
- Minotaur: derives calibrated hashrates and power limits from your devices for

Last year I found a couple more privilege escalation vectors in Arq Backup
for Mac version 5.10. Both have now been fixed in the latest release.

The first is relatively simple: the arq_updater binary (which runs as root)
takes a path argument for the URL to retrieve an Arq update from, in the format
Arq.zip. We can simply specify an arbitrary path, e.g. file:///tmp/blah/Arq.zip -