TL;DR: (perf_ptmx.c) Last week on HN a link to a linux local privilege escalation exploit was posted, exploit which affects all linux versions between 2.6.37 and 3.8.9 compiled with PERF_EVENTS enabled. Some distros backported the bug to older kernel versions too, I tested CentOS 2.6.32-358.el6.x86_64 as vulnerable. The security issue is located in kernel/events/core.c, and...

Read more

Ruby 2.0 features a new garbage collection algorithm, called Bitmap Marking. To understand how this new approach works, a brief look at the ruby design is needed, starting with ruby.h. All ruby objects are referenced through variables of the type VALUE in the C code: a VALUE is an unsigned integer that can be an...

Read more

I just finished the first step of porting Redis, the server component, to the Android ndk. I didn’t test anything besides basic features, value store/load, db save and db restore but the few things i tested worked perfectly. To port it i created a stub app and compiled the source tree as a JNI library....

Read more

I’ll dump here some info about a library i started writing some time ago or i’ll end up forgetting it. This is a straightforward c++ wrapper of libhiredis, I know that there are already dozens of c++ Redis libraries out there but i needed something natively compatible with the standard c++ vectors and strings, therefore...

Read more

Last year I developed RMotion, a library with ruby bindings that can be used to detect moving objects in a video/cam stream in real time. It is quite convenient to solve simple detections problems because you can just program the logic in ruby inside the main loop and you get most of the detection issues...

Read more

Today I quickly translated a python script i had floating around into a more useful NSE script. It pulls the consensus data from one of the 9 Tor directory servers (documentation here) and runs a regular expression to extract the ip addresses of the nodes until it finds a matching one. nmap -p0 -dd -Pn...

Read more