|
I'm not sure I fully understand what's going on here, but http://1337day.com/exploits/18984 This is allegedly Javascript that exploits a bug in one or more models of the Intel Core 2 Duo processor line to achieve ... something. The details on what it's doing, why, and what it actually gets done aren't clear to me. They're calling it "root."
|
# ? Jul 15, 2012 04:38 |
|
It's overwriting stuff in the instruction cache, which is potentially even better than getting root as it could let you run code as the hypervisor and break out of a vm. I'm not sure what the PoC code actually does.
|
# ? Jul 15, 2012 04:58 |
|
That's... frightening. 3/4 of the workstations I manage are one of a few types of Core 2 Duo.
|
# ? Jul 15, 2012 05:02 |
|
Didn't do anything on my core 2 duo.
|
# ? Jul 15, 2012 05:04 |
|
Vanadium posted: Didn't do anything on my core 2 duo.
I don't understand why he wrote it in Javascript. While it does make for a more frightening headline, using JS also makes reproduction *much* more difficult. Reliably generating the same sequence of instructions is dependent on the exact browser/VM versions, and he doesn't specify any.
|
# ? Jul 15, 2012 06:28 |
|
Janin posted:The comments indicate that it takes a long time, potentially over an hour.
|
# ? Jul 15, 2012 07:37 |
|
That particular JS is from some guy who tried porting a C exploit to Javascript while having little idea what he was doing, what the differences between the languages were, or even how the original exploit worked. The original exploit, though, is a little more interesting (or at least, "actually plausible"). Compromising the host system once you've gained access to a VPS on the box is a pretty worrying possibility, and it's even possible (depending on how specific the conditions need to be to trigger the bug) that it could be triggered from a script similar to how a jit spray works (though there it'd probably be targeting Flash rather than javascript). Jabor fucked around with this message at 09:27 on Jul 15, 2012 |
# ? Jul 15, 2012 09:25 |
|
That JS "exploit" is poo poo. He tries adding an object to a number, thinking it's a pointer. He tries to xor a function and a number together. He calls a dummy, blank function and thinks it will do something, as long as you pass it a magic number, 257*3. He calls unescape like it has some magic voodoo powers that will turn a return value into something else.
|
# ? Jul 15, 2012 10:23 |
|
Whenever you see comments left in an exploit like "It doesn't work. Now it does! Or does it?" that alone should be a strong indicator that it's crap.
|
# ? Jul 15, 2012 12:02 |
|
The author of the C exploit, Kris Kaspersky/nezumi, gave a talk on the issue: PDF of slides And on a WASM Forum thread about him/his exploit, he linked the full exploit file including required micro.dat. e: Here's the video of his talk, talk starts at 1:10. Malloc Voidstar fucked around with this message at 14:51 on Jul 15, 2012 |
# ? Jul 15, 2012 14:19 |
|
Just found this wonder at work, sitting in its own JS file...code:
|
# ? Jul 16, 2012 22:49 |
|
Byte Salad posted: Just found this wonder at work, sitting in its own JS file...
He's just trying to reduce code size though!
|
# ? Jul 16, 2012 23:17 |
|
At the startup I'm working for we recently got a batch of new hires. A new designer modified some css class attributes without even *thinking* about what other elements share the class. The site got trashed...
|
# ? Jul 16, 2012 23:35 |
|
theratking posted: at the startup I'm working for we recently got a batch of new hires. A new designer modified some css class attributes without even *thinking* about what other elements share the class. The site got trashed...
It's okay because you're under version control right? RIGHT???
|
# ? Jul 16, 2012 23:42 |
|
Strong Sauce posted: It's okay because you're under version control right? RIGHT???
haha yes thank jesus. Although the times I've found commits with HEAD >>>> poo poo in it... *sigh*
|
# ? Jul 16, 2012 23:44 |
|
theratking posted: haha yes thank jesus. Although the times I've found commits with HEAD >>>> poo poo in it... *sigh*
You need a better precommit hook. There are still advantages to centralized version control...
|
# ? Jul 17, 2012 05:04 |
|
McGlockenshire posted: You need a better precommit hook. There are still advantages to centralized version control...
We don't have any pre-commit hooks. This entire startup is a horror. Our dev team (aside from myself) basically quit this summer and all the new hires have never done web-dev before. I was the most inexperienced member of the team and now I'm "head programmer." I know I can't really expect much more, our boss just graduated college and we're all college level (I just finished my freshman year), but geez... I need to vent sometimes.
|
# ? Jul 17, 2012 09:24 |
|
Don't know if this counts as a "coding horror" but it's pretty drat stupid. At work we use OpenDNS, and I just went onto jsfiddle and was greeted with this:
|
# ? Jul 17, 2012 14:40 |
|
Optimus Prime Ribs posted: Don't know if this counts as a "coding horror" but it's pretty drat stupid.
A site that lets me host pages for free without any setup? That honestly sounds like the best way to phish.
|
# ? Jul 17, 2012 16:02 |
|
It's why PasteHTML was blocked by a shitload of ISPs for a while.
|
# ? Jul 17, 2012 17:05 |
|
Boss, boss, boss...
php:
    #!/usr/bin/php
    <?
    while(1){
        $line = fgets(STDIN);
        $pos = strrpos($line, "~", 0);
        if ($pos !== false){
            $puke = Chr(13) . chr(13).chr(10);
            $puke .= "big steaming lump";
            $puke .= " of hand-rolled xml";
            $puke .= " right here";
            $puke .= "puke";
            $puke .= Chr(10);
            echo $puke;
        }
        //echo $line;
    }
    ?>
code:
|
# ? Jul 17, 2012 18:03 |
|
I just got assigned just about the most retarded task imaginable: We need to have a bunch of SWF objects which act as slides for a presentation; they contain text transitions and whatnot. These need to be pushed live, and the only way our platform can do that is to stick it in an iframe, and then on that page periodically check if a new SWF should be shown. On those SWF objects is a black box where an SWF player (which is playing a live stream) needs to be absolutely positioned over, but that cannot go in the iframe as each slide change will gently caress up the stream, so I need to position it over the iframe. And then that page is going into another iframe.
|
# ? Jul 17, 2012 18:37 |
|
Aleksei Vasiliev posted: It's why PasteHTML was blocked by a shitload of ISPs for a while.
MSM still blocks it
|
# ? Jul 17, 2012 18:43 |
|
Optimus Prime Ribs posted:I just got assigned just about the most retarded task imaginable:
|
# ? Jul 17, 2012 18:49 |
|
code:
|
# ? Jul 19, 2012 18:58 |
|
I think SyntaxError: Invalid syntax is a more legitimate concern
|
# ? Jul 19, 2012 21:30 |
|
Otto Skorzeny posted: I think SyntaxError: Invalid syntax is a more legitimate concern
syslog.openlog = openlog(...) is perfectly valid syntax in Python 3.
|
# ? Jul 19, 2012 23:52 |
|
What's the ... do?
|
# ? Jul 19, 2012 23:59 |
|
Slicing http://docs.python.org/release/2.5.2/lib/bltin-ellipsis-object.html
|
# ? Jul 20, 2012 00:04 |
|
Suspicious Dish posted: syslog.openlog = openlog(...) is perfectly valid syntax in Python 3.
You've misunderstood me. I was complaining that CPython's syntax errors are spectacularly unhelpful to novices and that this is a worse problem than Zombywuf's quibbles with pydoc, not that the statement Zombywuf referenced in his complaint about pydoc contained a syntax error.
|
# ? Jul 20, 2012 00:09 |
|
Otto Skorzeny posted: You've misunderstood me. I was complaining that CPython's syntax errors are spectacularly unhelpful to novices and that this is a worse problem than Zombywuf's quibbles with pydoc, not that the statement Zombywuf referenced in his complaint about pydoc contained a syntax error.
You think that's an unhelpful error message? Ladies and gentlemen, I give you...Clojure!
code:
If you're clever you can get it to emit error messages that are just as long but don't even tell you what file the error is in. I love Clojure but jesus christ its compiler needs work.
|
# ? Jul 20, 2012 02:42 |
|
ToxicFrog posted:You think that's an unhelpful error message?
|
# ? Jul 20, 2012 02:48 |
|
PrBacterio posted: That sounds more like the compiler just threw an exception and then decided to just dump the exception's toString() value on the console than an actual compiler error message
It does, doesn't it? And in fact I have legit crashed the compiler once or twice. But this is also what a normal compiler error looks like. The errors you get out of the interpreter are much more sensible, thank god, it's only the compiler that shits itself when something goes wrong.
|
# ? Jul 20, 2012 03:07 |
|
ToxicFrog posted: It does, doesn't it? And in fact I have legit crashed the compiler once or twice. But this is also what a normal compiler error looks like.
Looks to me like someone wrote the analyzer recursively. So it's not totally weird, at least, though it is unhelpful.
|
# ? Jul 20, 2012 03:58 |
|
gently caress whoever decided that a protobuf with a field set to its default value shouldn't equal a protobuf with that field unset. gently caress them hard.
|
# ? Jul 20, 2012 04:14 |
|
ToxicFrog posted: You think that's an unhelpful error message?
It's also only a 1-pass compiler, which I only found out after asking for help in the lisp thread because there's pretty much no documentation of it only being 1-pass at all. Also a functional language that flips poo poo because functions aren't defined in the right order is loving stupid and very counter-productive.
|
# ? Jul 20, 2012 06:27 |
|
yaoi prophet posted: gently caress whoever decided that a protobuf with a field set to its default value shouldn't equal a protobuf with that field unset. gently caress them hard.
Protobufs are nice as a serialization format, but using them beyond that can be ugly-- storing an AST in protobufs and evaluating the protobuf directly feels dirty.
|
# ? Jul 20, 2012 08:56 |
|
One guy in the firm I'm interning really doesn't understand the point of exceptions. There's tons of methods that just throw a plain Exception and I have to go balls deep to find out what the hell it's actually throwing and fixing it so I can actually do something about it. Catchin'n'logging seems to be his thing too.
|
# ? Jul 20, 2012 09:39 |
|
Elos posted: exceptions
One of the apps I have the displeasure of maintaining has configurable exception propagation, so when you're testing exceptions are correctly propagated, but when deployed in "production mode" it logs them then silently eats them and returns some random value instead. And when I say it logs them, I mean it logs the message but none of the details. I'm scared to fix this (which would be many weeks of work in itself) in case it breaks something on the live sites.
|
# ? Jul 20, 2012 10:26 |
|
Reasons Python drives me up the loving wall #2398457: There are handy methods for encoding and decoding strings into different character encodings, which even support handling errors, that is characters which do not exist in the current encoding. The 3 built in error handlers are: ignore, replace with '?' and replace with an xml character reference. How does Python dump non ascii characters to the console (and it is non ascii because it doesn't bother looking at your locale settings unless you tell it to)? Like this: '\xff'. If I want to do that I have to register my own error handler, note that is literally installing an error handler into the runtime, not just passing an error handling function to the encode method.
|
# ? Jul 20, 2012 13:16 |
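
The codec error-handler mechanism discussed in the post above, as an added example that is not part of the thread: it runs the three handlers the post names over a constructed string, registers a custom handler in the interpreter-wide registry, and compares the result with the standard library's `backslashreplace` handler. The handler name `hexescape` and the functions `hex_escape` and `encode_all` are assumptions made for illustration. Escaping like this is a common way to write untrusted text to an ASCII-only log without losing which characters were there.

```python
import codecs

# Constructed sample: two Latin-1 characters and one outside Latin-1.
SAMPLE = "caf\u00e9 \u00ff \u20ac"


def hex_escape(err):
    """Codec error handler: turn each unencodable character into an escape."""
    if not isinstance(err, UnicodeEncodeError):
        raise err  # only encoding is handled here
    out = []
    for ch in err.object[err.start:err.end]:
        cp = ord(ch)
        if cp <= 0xFF:
            out.append("\\x%02x" % cp)
        elif cp <= 0xFFFF:
            out.append("\\u%04x" % cp)
        else:
            out.append("\\U%08x" % cp)
    # Return the replacement text and the index at which encoding resumes.
    return "".join(out), err.end


# Handlers live in a process-wide registry keyed by name; the name is
# then passed as the `errors` argument of str.encode().
codecs.register_error("hexescape", hex_escape)

HANDLERS = ("ignore", "replace", "xmlcharrefreplace",
            "hexescape", "backslashreplace")


def encode_all(text, encoding="ascii"):
    """Encode `text` once per handler and return {handler name: bytes}."""
    return {name: text.encode(encoding, errors=name) for name in HANDLERS}


if __name__ == "__main__":
    for name, data in encode_all(SAMPLE).items():
        print("%-18s %r" % (name, data))
```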