CharmBUG Meeting - Xorg and fun with local root privileges

submitted 13 November 2018

The next formal CharmBUG meeting will be held at Onyx Point in Hanover, MD. The goal for this meeting will be to discuss any BUG topics or general issues, followed by a talk on Xorg and fun with local root privileges.

Michael Shirk will be giving a talk about the events that unfolded at the end of October 2018 with an interesting local root privilege escalation bug in the Xorg server. He will discuss what happened as details emerged and how the vulnerability impacted FreeBSD and OpenBSD. At the end of the talk, attendees are invited to join in on an interactive search for all of the setuid/setgid binaries in a base install of FreeBSD and OpenBSD as well as ports that install setuid/setgid binaries to highlight the issues with root privileges.

NOTE: This talk will occur on Wednesday, November 28th.


15 July 2020
Bastille 0.7.20200714 Released!  

Bastille Day 2020 brings us another release! This release matures the project from 0.6.x to 0.7.x and includes a number of exciting features. Improvements include evolution of the template automation system, new mount/umount sub-commands, improved documentation and more. Check it out!

14 July 2020
GSoC Reports: Fuzzing Rumpkernel Syscalls Part 1  

This report was prepared by Aditya Vardhan Padala as a part of Google Summer of Code 2020.

GSoC Reports: Make system(3) and popen(3) use posix_spawn(3) internally Part 1  

This report was prepared by Nikita Gillmann as a part of Google Summer of Code 2020.

GSoC Reports: Fuzzing the NetBSD Network Stack in a Rumpkernel Environment Part 1  

This report was prepared by Nisarg Joshi as a part of Google Summer of Code 2020.

Dummynet: The Better Way to Build FreeBSD Networks  

Dummynet is the FreeBSD traffic shaper, packet scheduler, and network emulator. Dummynet allows you to emulate a whole set of network environments in a straightforward way. It has the ability to model delay, packet loss, and can act as a traffic shaper and policer. Dummynet is roughly equivalent to netem in Linux, but we have found that dummynet is easier to integrate and provides much more consistent results.

GSoC Reports: Curses Library Automated Testing Part 1  

This report was prepared by Naman Jain as a part of Google Summer of Code 2020.

GSoC Reports: Extending the functionality of NetPGP Part 1  

This report was prepared by Jason High as a part of Google Summer of Code 2020.

GSoC Reports: Enhancing Syzkaller support for NetBSD, Part 1  

This report was prepared by Ayushi Sharma as a part of Google Summer of Code 2020.

12 July 2020
In Other BSDs for 2020/07/11  

BSD related items from DragonFlyBSD digest

10 July 2020
Sponsor NetBSD project on Github  

You can now sponsor The NetBSD Foundation on GitHub Sponsors. Tiers range from $5 to $500 and come with different rewards, such as a link on their website or dedicated resources for either pkgsrc bulk builds or source builds on two platforms of your choice.

Donations to The NetBSD Foundation allow the project to purchase build hardware and fund development.

GitHub does not charge fees for GitHub Sponsors. They cover payment processing costs, so one-hundred percent of your sponsorship goes to the developers and organizations.

OpenBSD Errata: July 9th, 2020 (shmget)  

Errata patches for the kernel have been released for OpenBSD 6.6 and 6.7. shmget IPC_STAT leaked some kernel data. Binary updates for the amd64, i386, and arm64 platforms are available via the syspatch utility. As these affect the kernel, a reboot will be needed after patching.
