Conversation

Notices

1. Embed this notice
   Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Tuesday, 24-Oct-2023 06:07:04 JST Haelwenn /элвэн/ :triskell:
   Haha, CVE-2023-34969 aka ability for any user (including unprivileged) to crash dbus-daemon.
   
   Meaning you can crash essentially an entire system because most dbus-using software crash together with dbus.
   • Embed this notice
     Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Tuesday, 24-Oct-2023 06:11:10 JST Haelwenn /элвэн/ :triskell:

     in reply to

     • Another Linux Walt Alt
     @lnxw37b2 I don't think so, but could be fun to have with a demo video where they crash and hang an entire desktop in one command.
     (And I wonder how systemd stuff reacts to dbus going down)
   • Embed this notice
     Another Linux Walt Alt (lnxw37b2@shitposter.club)'s status on Tuesday, 24-Oct-2023 06:11:11 JST Another Linux Walt Alt

     in reply to
     @lanodan Did they give it a cutesy name like "D-Buster"?
     Sexy Moon likes this.
   • Embed this notice
     ロミンちゃん (romin@shitposter.club)'s status on Tuesday, 24-Oct-2023 06:17:24 JST ロミンちゃん

     in reply to
     @lanodan code execution possible? It was a matter of time.
   • Embed this notice
     Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Tuesday, 24-Oct-2023 06:55:32 JST Haelwenn /элвэн/ :triskell:

     in reply to

     • ロミンちゃん
     @romin Nah, just a DoS.
     ロミンちゃん likes this.
   • Embed this notice
     ロミンちゃん (romin@shitposter.club)'s status on Tuesday, 24-Oct-2023 06:57:34 JST ロミンちゃん

     in reply to
     @lanodan so they didn't shoot any three letter agency backdoor boo boring
   • Embed this notice
     Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Tuesday, 24-Oct-2023 07:00:50 JST Haelwenn /элвэн/ :triskell:

     in reply to

     • ロミンちゃん
     @romin I don't think there's a need for a backdoor with dbus because it's public by design/architecture, gives access to a whole bunch of APIs, already comes with tools like dbus-monitor to dump all dbus-related traffic, …
     
     (Which is why I do not have dbus on my machines)
     ロミンちゃん likes this.
   • Embed this notice
     LEdoian (ledoian@pleroma.ledoian.cz)'s status on Tuesday, 24-Oct-2023 10:11:39 JST LEdoian

     in reply to

     • LEdoian

     @lanodan sry, forgot to read other replies… Also, tried it, somehow it survives, not sure how yet.

     Haelwenn /элвэн/ :triskell: likes this.
   • Embed this notice
     LEdoian (ledoian@pleroma.ledoian.cz)'s status on Tuesday, 24-Oct-2023 10:11:41 JST LEdoian

     in reply to

     @lanodan > dbus-using software

     e.g. systemd? Big fun… (Will not probably kill PID 1, but stuff like systemctl might stop working)

   • Embed this notice
     Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Wednesday, 25-Oct-2023 05:01:45 JST Haelwenn /элвэн/ :triskell:

     in reply to

     • pomstan
     @pomstan Unless all of them fixed it yeah, it's specially fun on phones because ModemManager works via dbus.
   • Embed this notice
     pomstan (pomstan@xn--p1abe3d.xn--80asehdb)'s status on Wednesday, 25-Oct-2023 05:01:46 JST pomstan

     in reply to

     @lanodan

     most dbus-using software crash together with dbus.

     is that fucking real