I mean sure, you can spend all of this time evading advanced memory corruption detection, ASLR, W^X, etc. But have you considered just shoving funny bash strings into every possible hole and seeing if stuff is so busted that it will just run it anyway? (This compromised a non-zero amount of people)
benjojo
replied 06 Dec 2024 14:28 +0000
in reply to: https://benjojo.co.uk/u/benjojo/h/q6728313Y8mGh6dHhP
I think it says a lot that in order to exploit iPhones you need to pull off what I can best describe as an exploit version of a bunker buster bomb that performs all sorts of interesting tricks to line up the chain of extremely unfortunate coincidences to exploit the platform. Meanwhile, to get RCE on a lot of Linux ecosystems you simply need to find more places to shove the "funny bash string" in, and at some point the system will probably execute it. (See the reply, ShellShock, most LFI issues, etc.)
mansr@society.oftrol..
replied 06 Dec 2024 16:21 +0000
in reply to: https://benjojo.co.uk/u/benjojo/h/lNg2KYx5Lfyz5K5459
@benjojo That's quite far from a fair comparison, though. Do you work for Apple, or are you shilling for free?
benjojo
replied 06 Dec 2024 17:48 +0000
in reply to: https://society.oftrolls.com/users/mansr/statuses/113606794029578701
@mansr A quick scroll of my profile would answer who I work for (myself). If you are interested in a nuanced discussion on this, I'm happy to talk about my thoughts on this area; feel free to email fedi@benjojo.co.uk