OpenVPN comes with example-scripts to update /etc/resolv.conf using "resolvconf" or systemd-resolvconf. I don't use one of them therefore I modified the script so that it simply changes /etc/resolv.conf directly. I placed a variable "IMMUTEABLE" in this script. If IMMUTEABLE is set to 1, this script will change the fileattribute of /etc/resolv.conf to immuteable. In that way it is possible to prevent other programms like dhcp-clients to change /etc/resolv.conf while openvpn is running.
This year I want to send you merry christmas by creating a blog-entry for a raspberry pi christmas project. The "christmas-machine" displays merry christmas and wishes for the "christkind" on a tft display for the raspberry. It is possible to send christmas wishes using a web applications that can be accessed via wifi. I placed this installation at the coffee-kitchen in the office and it was very nice to see that my colleges had a lot of fun with it.
Blesses for "Brother Patrick" who spent me that wonderful Joy-IT TFT display.
- Identifier: AIT-SA-20190930-01
- Target: GitLab Omnibus
- Vendor: GitLab
- Version: 7.4 through 12.2.1
- Fixed in Version: 12.2.3, 12.1.8 and 12.0.8
- CVE: CVE-2019-15741
- Accessibility: Local
- Severity: Low
- Author: Wolfgang Hotwagner (AIT Austrian Institute of Technology)
GitLab Omnibus sets the ownership of the log directory to the system-user "git", which might let local users obtain root access because of unsafe interaction with logrotate.
- System affected: Debian packages of groonga/-httpd 6.1.5-1
- Software-Version: 6.1.5-1
- User-Interaction: Not required
- Impact: Local root
- CVE: CVE-2019-11675
The path of the logdirectory of groonga-httpd can be manipulated by user groonga:
This year I gave a talk at the Easterhegg 2019 about a Linux kernel rootkit that can handle containers. I mainly presented my Bachelor work from 2017 with some improvements.
Many people are scared because Microsoft bought GitHub. I wonder why people are so shocked now. Github is just another cloud-thingy and cloud means: "it's just the computer of someone else". If "someone else" will shutdown or wipe his computer, then we better have backups. Having this in our minds I would say that it's time to make (auto)backups. I wrote this little ruby-script that clones all public repositories of a user into a directory.
TLS via SMTP is opportunistic which makes connections vulnerable to man-in-the-middle-attacks. In order to prevent mitm-attacks, DANE could be used. The sender-server will first check the domain-records if dnssec is in use(and valid) and if a TLSA-record is published(and valid). If a TLSA-record is valid and matches with the certificate of the recipient-server the connection could be encrypted and the encryption is verified.
Every time I replace an old hard disk by a newer or bigger one I think that I'll wipe it later. Now I have a big amount of hard disks to wipe. Since wiping takes ages, I don't want to use my personal computer for that. I would prefer a small device with low energy consumption just for wiping. That's why I am going to build a "Nukestation". Basically it's just a Raspberry Pi with nwipe on it and a udev-rule for automatically wipe attached hard disks. But some extras would be nice...