From what I understand, the copy fail bug was found by researcher who noticed something weird and then using AI to scan the codebase for instances where that becomes a problem. I bet that with a slightly looser…
There are two vulnerabilities here. The RxRPC one is definitely a different root cause (although caused by a very similar mistake). For the ESP one it's a bit harder to tell. I don't think the wrong thing was fixed,…
SUID mitigations have nothing to do with the vulnerability itself - just the exploit. If there's a root cronjob that runs a world readable binary, you could modify it in the page cache and exploit it that way. Modifying…
My immediate reaction was the same. But this is very similar to Copy Fail, and I'm assuming there was an assumption that others might also discover this soon as well. Hence the urgency. At least that's my charitable…
This is very similar in root cause and exploitation to Copy Fail. Which illustrates pretty well something that's lost when relying heavily on LLMs to do work for you: exploration. I find that doing vulnerability…
System partitions being non-writable has nothing to do with the vulnerability - it allows modifying the cache of any file that you can open for reading. Not using setuid anywhere means you'd have to build a slightly…
Yeah, totally agree now that I've looked into it more. > If OSS models are equally up to the task, why not find novel vulnerabilities? To be fair, in the same blog post Anthropic mentioned costs in the tens of thousands…
> Open source models found the same bugs? Sure, if you tell them "here is a for which may contain a vulnerability, look for a big in how function XYZ handles ABC" In one of Anthropic's blog post, they describe that…
Security efforts are not evenly distributed, even within a single project. This includes both the thinking that the developers put in, and the scrutiny given to a piece of code by researchers. The initial batch of…
I agree with the general sentiment, but it seems fair to me that an old "lifetime" license won't have access to new features.
I love this stuff. If anybody wants another outlandish example here is an emulator I built: https://github.com/DanielFi/sqlite-vm/blob/main/emulator.sql
Fuzzing data flow separately from control flow is an interesting idea I can believe that it dramatically speeds up finding certain bugs, but I doubt that it can reach a large class of complex vulnerabilities, which in…
[dead]
From what I understand, the copy fail bug was found by researcher who noticed something weird and then using AI to scan the codebase for instances where that becomes a problem. I bet that with a slightly looser…
There are two vulnerabilities here. The RxRPC one is definitely a different root cause (although caused by a very similar mistake). For the ESP one it's a bit harder to tell. I don't think the wrong thing was fixed,…
SUID mitigations have nothing to do with the vulnerability itself - just the exploit. If there's a root cronjob that runs a world readable binary, you could modify it in the page cache and exploit it that way. Modifying…
My immediate reaction was the same. But this is very similar to Copy Fail, and I'm assuming there was an assumption that others might also discover this soon as well. Hence the urgency. At least that's my charitable…
This is very similar in root cause and exploitation to Copy Fail. Which illustrates pretty well something that's lost when relying heavily on LLMs to do work for you: exploration. I find that doing vulnerability…
System partitions being non-writable has nothing to do with the vulnerability - it allows modifying the cache of any file that you can open for reading. Not using setuid anywhere means you'd have to build a slightly…
Yeah, totally agree now that I've looked into it more. > If OSS models are equally up to the task, why not find novel vulnerabilities? To be fair, in the same blog post Anthropic mentioned costs in the tens of thousands…
> Open source models found the same bugs? Sure, if you tell them "here is a for which may contain a vulnerability, look for a big in how function XYZ handles ABC" In one of Anthropic's blog post, they describe that…
Security efforts are not evenly distributed, even within a single project. This includes both the thinking that the developers put in, and the scrutiny given to a piece of code by researchers. The initial batch of…
I agree with the general sentiment, but it seems fair to me that an old "lifetime" license won't have access to new features.
I love this stuff. If anybody wants another outlandish example here is an emulator I built: https://github.com/DanielFi/sqlite-vm/blob/main/emulator.sql
Fuzzing data flow separately from control flow is an interesting idea I can believe that it dramatically speeds up finding certain bugs, but I doubt that it can reach a large class of complex vulnerabilities, which in…
[dead]