pavel
And anyway much software has memory leaks
布丁
Infosec 101 must cover this
\Device\NUL
Did you using smart pointers ?
pavel
In modern c++ this problem is not such big
Hussein
And anyway much software has memory leaks
yeah but even garbage collectors sometime fail and cause memory leaks
\Device\NUL
Not allocating memory at all is the best way to avoid memory leak
pavel
Smart pointers and safe functions replacement solve this alot
布丁
While introducing a little runtime overhead
Hussein
like the V8 engine few weeks ago has a severe binary vulnerbility caused ACE
Hussein
like the V8 engine few weeks ago has a severe binary vulnerbility caused ACE
arbitrary code execution
布丁
Good news is V8 sandboxes everything?
Hussein
yeah and they bypassed that
布丁
Even vulnerabilities wouldn’t damage too much
Hussein
binary vulnerbilities are the worst
because the V8 engine and almost all other js engines doesn’t ask the operating system to sandbox it
so a buffer overflow can cause catasrophic results
Hussein
it implement the sandbox itself as a program
so if an ACE occurs it can bypass that easily and load malware on the victim’s machine
pavel
It is
布丁
vuln in V8 and sandbox bypassing are two different things
Anonymous
I’m working with my friend on a simple HTTP server that returns plain text and also has two parsers for request/response bodies. He told me pay how much you like and I’m a good friend. So how much should I pay him?
The source-code is awesome and we’ve worked on it about a week.
布丁
One can expect such a huge C++ program like V8 has a ton of vulnerabilities
布丁
That’s the point of sandboxing
pavel
If it a pet project and not professional
Hussein
One can expect such a huge C++ program like V8 has a ton of vulnerabilities
the V8 has to implement a way for javascript code to run without giving it any permission
so there tons of stuff can go wrong. basically if any part of the program fails to allocate memory for itself NOT for the generated code the you will escape the sandbox automatically because you are writing into the V8 program’s memory
unless this get sandboxed (chroot) by the operating system this is catastrophic if exploited
Pavel
I’m working with my friend on a simple HTTP server that returns plain text and also has two parsers for request/response bodies. He told me pay how much you like and I’m a good friend. So how much should I pay him?
The source-code is awesome and we’ve worked on it about a week.
If you know how much he earns hourly you can pay him that based on how many hours he spent on it.
Hussein
That’s the point of sandboxing
that’s for the compiled javascript not the V8 engine itself
otherwise it would be impractical and will slow the program a lot
Anonymous
If you know how much he earns hourly you can pay him that based on how many hours he spent on it.
7d*3.5hrs*$1.5 ~= $37
Okay, not that bad!
Hussein
One can expect such a huge C++ program like V8 has a ton of vulnerabilities
they exploited the V8 itself not the generated machine code
布丁
Btw isn’t the whole Chromium browser process isolated in a sandbox?
Kanni
Hello guys!
I have this C code to print the first 98 Fibonacci numbers. It runs, but the last few numbers have a + or - 1 or 2 difference from the correct numbers I found online.
.
.
#include <stdio.h>
/**
* main - finds and prints the first 98 Fibonacci numbers
*
* Return: Always 0
*/
int main(void)
{
int i;
long double fibonacci;
long double fib1 = 1;
long double fib2 = 2;
printf("%.0Lf, ", fib1);
printf("%.0Lf, ", fib2);
for (i = 3; i <= 98; i++)
{
fibonacci = fib1 + fib2;
fib1 = fib2;
fib2 = fibonacci;
if (i == 98)
printf("%.0Lf\n", fibonacci);
else
printf("%.0Lf, ", fibonacci);
}
return (0);
}
I also tried adding the 1 to the numbers that vary from the original, but the output wasn't any different from the one I got before
klimi
I think this is because using double which just doesn't have enough precision for you
Kanni
I think this is because using double which just doesn't have enough precision for you
I thought "long double" has the highest precision 🤔
Hussein
Btw isn’t the whole Chromium browser process isolated in a sandbox?
look.. there is nothing such real sandbox for programs
it is just a way for programs to execute other programs in an isolated way
the chromium browser is divided into a rendering engine for html and css and a javascript engine and a network engine
each engine try to isolate itself from the others
when you divide (fork) your program into processes you will only separate your process from other process so exploiting one of them will cause your computer to be affected but won’t effect other functionalities of your program but will infact infect your computer
Hussein
I thought "long double" has the highest precision 🤔
no doubles doesn’t have precision in general try integers
klimi
I thought "long double" has the highest precision 🤔
well aparently not enough for so many digits :)
Hussein
no doubles doesn’t have precision in general try integers
because they aproximate your numbers to the nearest power of 2
Hussein
not to the nearest power of 10 like we do
布丁
look.. there is nothing such real sandbox for programs
it is just a way for programs to execute other programs in an isolated way
the chromium browser is divided into a rendering engine for html and css and a javascript engine and a network engine
each engine try to isolate itself from the others
when you divide (fork) your program into processes you will only separate your process from other process so exploiting one of them will cause your computer to be affected but won’t effect other functionalities of your program but will infact infect your computer
https://chromium.googlesource.com/chromium/src/+/HEAD/docs/design/sandbox.md all these look like OS-level stuff?
pavel
And don't compare float/double with exact value. You can compare exact only with 0 +-1 nan inf
布丁
I don’t believe people call it a “sandbox” just because it runs in a separate process
\Device\NUL
I thought "long double" has the highest precision 🤔
not guarantee, even different OS may different programming model
Kanni
no doubles doesn’t have precision in general try integers
I get negative numbers with "int"
布丁
It is
Doesn’t make sense to me😭 when you pass in a "--no-sandbox" then the multi-process architecture becomes single-process? Cannot be, right
Hussein
You are right they use a chroot and they protect the kernel (or at least trying to)... my bad
but they seem to exploit the validator itself
Hussein
unfortunately they haven’t disclose any detaila about it except that it was a binary exploitation
Hussein
You are right they use a chroot and they protect the kernel (or at least trying to)... my bad
but they seem to exploit the validator itself
I meant the system call validator and the kernel
Hussein
Doesn’t make sense to me😭 when you pass in a "--no-sandbox" then the multi-process architecture becomes single-process? Cannot be, right
they used IPC to communicate between process which helps
but it is like create a safe for a safe then you have to create a safe for the safe that protect the inner safe and so on
Kanni
not guarantee, even different OS may different programming model
How can I know the highest for my OS and programming model
Kanni
And don't compare float/double with exact value. You can compare exact only with 0 +-1 nan inf
I don't understand 😅
\Device\NUL
The numbers are too big so they got overflowed
\Device\NUL
How can I know the highest for my OS and programming model
https://en.wikipedia.org/wiki/64-bit_computing#64-bit_data_models
Kanni
Hmm, should we use non standard things ? Try __uint128
Thank you. I'll have to read about this. I know nothing about it
klimi
Please, read the rules, Thank you :)
Sir
Hussein
How can I know the highest for my OS and programming model
use a arbitrary precision library
Alex
hi guys, how can i use the signal alarm() multiple times?
void handler(int signum)
{
do something
}
void main()
{
code
signal(SIGALRM, handler)
while (1)
{
alarm (5)
code
}
}
in this way it will work?
Alex
i have a main thread that has to accept multiple connections and periodically has to check those connections
Anonymous
hi guys, how can i use the signal alarm() multiple times?
void handler(int signum)
{
do something
}
void main()
{
code
signal(SIGALRM, handler)
while (1)
{
alarm (5)
code
}
}
in this way it will work?
Paste you code snippets to services like:
pastebin.com
Alex
bro my code has more than 1000 lines of codes
Hussein
Alex
oh ok
klimi
hi guys, how can i use the signal alarm() multiple times?
void handler(int signum)
{
do something
}
void main()
{
code
signal(SIGALRM, handler)
while (1)
{
alarm (5)
code
}
}
in this way it will work?
afaik you have can have just one SIGALRM per process
Alex
yeah, i want only the main thread to have the SIGALRM, so the others will have a SIG_IGN
Alex
hi guys, how can i use the signal alarm() multiple times?
void handler(int signum)
{
do something
}
void main()
{
code
signal(SIGALRM, handler)
while (1)
{
alarm (5)
code
}
}
in this way it will work?
but this code will do the handler every 5 seconds or this is wrong?
klimi
klimi
so it will be doing code all the time, and the alarm won't be executed if the code takes less that 5 seconds