People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!
Originally, there were two types of users in Linux: privileged and non-privileged. However, this binary split was not enough for handing out permissions. So, Linux introduced capabilities, which allow for fine-grained control of administrative permissions.
When creating a namespace and mounting a file system, having all of the permissions is totally fine. During execution on these files, though, the capability permissions were not checked! This was because a wrapper function with the permission check was not used.
Because of the lack of permission checks on the capabilities in the outer namespaces, the author overwrites the user process information to become root. At that point they simply win, with a local privilege escalation (LPE) on Ubuntu.
The remediation of the bug was done in a better-than-expected way. Instead of waiting for more OSes to make the mistake of not calling the wrapper function, the permission checks were moved inside the regular function. Centralizing security always helps.
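The remediation pattern described above, as an added toy model in C. It is not kernel code and not from the original write-up, and every name in it is hypothetical: the "before" half keeps the check in an optional wrapper, the "after" half moves it into the operation itself.

```c
#include <stdbool.h>
#include <string.h>

/* Toy model, constructed for illustration; all names are hypothetical. */
struct caller { bool has_admin_cap; };  /* capability held where it counts */
struct object { char attr[32]; };       /* stands in for privileged file metadata */

/* BEFORE: the raw operation performs no check at all. */
int raw_set_attr(struct object *o, const char *v) {
    strncpy(o->attr, v, sizeof(o->attr) - 1);
    o->attr[sizeof(o->attr) - 1] = '\0';
    return 0;
}

/* BEFORE: the check lives only in a wrapper that callers must remember to use. */
int checked_set_attr(const struct caller *c, struct object *o, const char *v) {
    if (!c->has_admin_cap)
        return -1;                      /* permission denied */
    return raw_set_attr(o, v);
}

/* BEFORE: the normal path goes through the wrapper and is safe. */
int direct_set_attr_before(const struct caller *c, struct object *o, const char *v) {
    return checked_set_attr(c, o, v);
}

/* BEFORE: a layered path forwards straight to the raw function, so the
 * caller's capabilities are never consulted. */
int layered_fs_set_attr_before(const struct caller *c, struct object *o, const char *v) {
    (void)c;
    return raw_set_attr(o, v);
}

/* AFTER: the check is inside the operation, so no call path can skip it. */
int set_attr(const struct caller *c, struct object *o, const char *v) {
    if (!c->has_admin_cap)
        return -1;
    strncpy(o->attr, v, sizeof(o->attr) - 1);
    o->attr[sizeof(o->attr) - 1] = '\0';
    return 0;
}

/* AFTER: the layered path has nothing unchecked left to call. */
int layered_fs_set_attr_after(const struct caller *c, struct object *o, const char *v) {
    return set_attr(c, o, v);
}
```

With the check centralized, a new caller cannot reintroduce the bug by picking the wrong entry point, because no unchecked entry point exists.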