If you type in a wrong command, bash-insulter will insult you badly.
A few weeks ago I started cmus to read in all my music and it crashed badly. I wondered how this could happen and started to investigate. So I figured out that it crashed with a segfault. After compiling it with debugging-symbols and running it with gdb I located the bug in the libcue-library and I also found out the reason why: libcue doesn't handle unicode-files and one of my cue-files was unicode encodeded. So libcue started to detect a lot of "bad characters" before it segfaulted.
Even if I was a little bit lazy and did not write much lately, I am very proud to announce the third anniversary of this blog.
I wrote a role for managing MaraDNS with Ansible.
- Ansible 2.1+ (might ork with prior versions too)
- Debian-based Linux-distribution
ansible-galaxy install whotwagner.maradns
Check_MK is a great monitoring tool. One of it's strengths actually is, that it can automatically detect services and monitors it. I always monitored all public ip-addresses of my servers if they are listed on any dns-blacklist. I had to add new public ip's manually, so I reached out for a new solution. I found a nice little plugin in a GitHub-repository of HeinleinSupport. The plugin waIs great, but I missed two things.
A few months ago I published a vulnerability in OpenElecs updater. I successfully hacked remotely OpenElec version 6.x.x and 7.x.x . OpenElec 8 is available for a while and reached version 8.0.4. So I tested the bug against this version and it's still open. An attacker who is Man-In-The-Middle can remotely compromise Openelec-Updates and plant a reverse-shell on the target.
On Saturday the Debian Project announced the release of Debian 9 "Stretch". This means that Jessie will be oldstable and Wheezy won't recieve any updates anymore. So it's time to dist-upgrade.
In kernel-programming we should avoid doing call_usermodehelper() which allows to execute a command from kernel-space. And sometimes we even want to call this function within a systemcall. Normally, we really don't wanna do this. But, desperate times require extraordinary methods.
When I first tried to execute call_usermodehelper() within a systemcall() I got a kernel failure. So I googled and what I found was: