>The Stack Clash is a vulnerability in the memory management of several operating systems. It affects Linux, OpenBSD, NetBSD, FreeBSD and Solaris, on i386 and amd64. It can be exploited by attackers to corrupt memory and execute arbitrary code.
>Am I affected by the Stack Clash?
>If you are using Linux, OpenBSD, NetBSD, FreeBSD, or Solaris, on i386 or amd64, you are affected.
>What are the risks posed by the Stack Clash?
>The exploits and proofs of concept that we developed in the course of our research are all Local Privilege Escalations: an attacker who has any kind of access to an affected system can exploit the Stack Clash vulnerability and obtain full root privileges.
B T F O
Owen Cruz
>*nix is kill
Don't you mean EVERY SINGLE FUCKING OS is kill?
>time to use AIX, gayz :DDD
Jaxon Sanders
At least OpenBSD hipster won't be schadenfreuding as they usually do.
Levi Roberts
>fixed already
ok
Christian Fisher
>compiled my system with -fstack-protector-all a-am i safe Sup Forumsuys?
Jonathan Gutierrez
>local only
>patches for all distributions are available June 19, 2017
wow it's fucking nothing
Austin Roberts
Why do you guys have to be so faggy about this type of shit? You could have started your thread with the article and a couple of questions, but instead it's always "X BTFO FINISHED AND BANKRUPT". Is it because nobody responds if you aren't as sensationalist as possible?
Jeremiah Peterson
Because this is not reddit or hn?
Liam Roberts
I know. That doesn't mean it isn't retarded. I'm just a little tired of "le bantz"
Alexander Perry
>no Windows
whut
Adam Collins
This. This is on the level of popping an Ophcrack CD in a Windows box and getting the passwords. In fact, it's even gayer than that because the exploit is so ridiculously convoluted, nobody would ever seriously attempt it.
Jaxson Hall
They have working exploits tho.
Brayden Russell
AIX is UNIX, retard. It's also probably the worst UNIX you can find.
Angel Gray
> Apple and Microsoft
> W-we don't h-have that sploit
all *nix will fix the exploit while micro$haft and crApple will leave it in their OSes since no one can audit it
Chase Myers
I'm pretty sure Windows is not a unix-like OS
Their servers, on the other hand...
Charles Barnes
Unix is finished and bankrupt
unixfags on suicide watch
Nathan Parker
I'm confused, where the f. are stack canaries?
Ethan Turner
Title is clickbait garbage. OpenBSD was not really affected.
First they say "all OSes affected, 32/64bit"
Then the OpenBSD section says i386 only.
Then the OpenBSD section says they modified a non-default kernel option to make their PoC work (which, by the way, also needed to create forty million cronjob files over the course of a week to work).
Linux was hit the hardest by this.
Adrian Hernandez
>on i386 and amd64
So it's not a matter of the OS, it's the shitty architecture.
Angel Turner
>cuck license
Brandon Torres
xD
Logan Rivera
>monolithic archs
Levi Rivera
Windows is immune because 1) it doesn't grow the stack on demand (size is always fixed, location isn't), and 2) threads are not separate lightweight processes, therefore their stacks are placed at random locations in the addressing space of what would be the "main" process in a unix-like.
The process model is fundamentally different, even if it all boils down to "tasks" for the CPUs to run.
Cooper Collins
>developed in the course of our research are all Local Privilege Escalations
wow nothing to see here
Charles Foster
lol are you
Connor Cooper
Linux is finished, but for different reasons.
Global variables.
Joshua Scott
just ran eix-sync and both sys-kernel/hardened-sources and sys-kernel/gentoo-sources are not showing any upgrades.
>This system is not affected by any of the listed GLSAs
Isaiah Young
gfy
Jordan Wright
>Linux was hit the hardest by this.
No because it's already been patched.
Cooper Carter
Local only
Connor Miller
If you smash the stack, the bird stops singing.
Aaron Stewart
>is kill
>everything's already been patched
ok
Christian Morales
macOS Sierra doesn't have this problem :)
Parker Morris
if only anybody used OpenBSD
Dominic Ross
>this damage control
James Harris
I do
Leo Rodriguez
>email from 3 years ago
Isaac Hughes
ya they even paid off 2016 really turned it around!
Josiah Perry
Look at this openbsd shill who is spouting completely inaccurate information because he has to defend his precious little OS.
Aaron Harris
No
Nathaniel Wood
>No because it's already been patched.
The same can be said about every platform affected, still, Linux is where the exploit is most straightforward
Carter Howard
Just don't contribute code
Jacob Lee
>does not understand the concept of chaining exploits
pls leave
Ryan Walker
>on i386 or amd64
*blocks your path*
Landon Howard
'member that kernel bug for linux that got called dirty cow?
Ian Hill
>non-default kernel
lel Once again OpenBSD > *BSD > shitnux
Ethan Wright
>Windows is affected by an exploit fixed 3 months earlier
>LEL WINSHIT IS FINISHED xDDDD
>Unix and Unix-like systems are affected by an exploit fixed a couple of hours
>hurr durr no problemo it's already fixed
Joseph Lewis
All supported Apple devices are either ARM or x86_64 and therefore not affected according to OP.
Chase Reed
>x86_64
>mfw this retarded macfaggot thinks that his Intel processor isn't amd64
Xavier Butler
>are all Local Privilege Escalations: an attacker who has any kind of access to an affected system can exploit the Stack Clash vulnerability and obtain full root privileges.
Whoop dee doo.
Aiden Richardson
Linux + ARM wins again
btfo x86_64 fags
Robert Baker
>he doesn't know _64 = AMD64 the x86 extension
poor poor child
Juan Williams
>ARM wins
Everything non-x86 won
Caleb Roberts
>yfw this is really x86's fault
Guys, remind me again why we're still using the deprecated x86 architecture.
Michael Wood
>implying x64 isn't x86
or are you a MIPS-faggot?
Xavier Johnson
There's nothing special about x86(-64) tho, it's just the authors tested their ideas on it. It's the same reason there are no exploits for macOS - they just didn't care enough to spend time breaking it.
Wyatt Ortiz
This.
Nobody would attempt this at any level unless they were seriously targeting you on some revenge shit.
Local attacks don't really happen on a consumer basis and the last large scale local attack was when they were dropping fake flash drives outside of the Pentagon hoping some idiot would pick them up and stick them into their intranet PCs.
Brody Watson
who took this pic
Nathan Gutierrez
I love this cat, mind if i save it?
Michael Morgan
>implying there's something wrong with MIPS
Jason Bailey
>openbsd
>i386
>requires local root to exploit
Oliver Richardson
It doesn't need local root to exploit, it would be a pretty shitty privilege escalation if it needed root.
What it needs is ability to run something on the local machine. It isn't a remote exploit (in itself) but if you got in through a remote exploit you could use this exploit to get privilege escalation.
Thomas Martin
Windows doesn't have this problem
Grayson Lewis
RISC-V just isn't ready yet
Brandon Mitchell
Yeah. I'm not OP but I sympathize with his methods. During my time here I learned that you can't just say or ask something and expect Sup Forums to take it seriously. People will take a holier-than-thou attitude as if they knew they were right and discuss anything except what you wanted to talk about.
There is a better way. You must coax Sup Forums into doing what you want. To do this, you become the insufferable uneducated prick that pretends he's right. You advance retarded positions such as "*nix is finished" and it somehow baits Sup Forums into responding. It puts them on the defensive, they rapidly rush in to defend *nix, explain mitigation and why everything's okay, which is probably what OP wanted all along.
You can see this all over the board.
>why do you use in ? it doesn't even have
> IS FINISHED
>my linux broke again! fuck your timesink OS that doesn't work!
It's simple. Notice the fanboyism present in Sup Forums. All you have to do is negate some generally accepted logical proposition and it will make fanboys rush in to reestablish its veracity.
Jacob Johnson
Sup Forums is like live wikipedia editing. You write some stupid shit about a topic and people that care way too much about it come rushing in to undo your damage. The only difference is that their posts don't overwrite yours.
The trick is figuring out exactly what you must say to offend as many fanboys as possible. Can't do something in Linux? Imply that Linux can't do it at all. That will trigger fanboys, who will rush in and prove you wrong, and they'll call you retarded even though you bamboozled them into doing your homework for you. Much more efficient than asking smart questions the hacker way. Sup Forums just ignores those.
Adam Myers
>try editing a dwg on linux
>not supported
Sup Forums told me linux can do everything
All linux is good for is pointless ricing.
Jaxon Johnson
Psychological effects disappear once people become aware of them. People compensate. You can't bait people after talking about baiting them. Well, you can but it's a lot harder.
Adrian Gutierrez
Wrong, retard
Privescs are extremely useful, getting a user to run malware on their user account is a lot easier than getting them to run as root
Then you escalate to root, install your own driver/rootkit, and you know everything they ever do now
Alexander Howard
Baited.
Thomas Sanders
I think Sup Forums is just incapable of comprehending the idea of general trends. Something being slightly more inconvenient on Linux for instance usually ends in two sides being taken.
A) "You're a fucking idiot because I can do this in Gimp with 3 plugins and a script and a third party program and it's almost as good as the single button you click on Windows, IT'S LITERALLY THE SAME THING YOU MUST BE RETARDED"
B) "LOL Linux can't even do this one simple thing therefore it can't do anything, BTFO"
Also see web browsers, hardware manufacturers, mobile phone brands and practically any binary choice you could make including whether or not you should breathe.
Bentley Ward
>720p video at 70% cpu usage
Can you stop
Connor Smith
What?
Xavier Lopez
Is it really bait if I was willing to answer all along?
Pretty much. Those two framing devices invite different kinds of replies. The first attracts Windows people who will argue endlessly that it's easier on Windows, the second will attract Linux people who will prove that it can be done. OP can learn useful information from both groups. It all depends on OP's need.
Honestly in Sup Forums's case I'd rather assume malice than stupidity. I'd rather think people are baiting than believe they're actually this stupid. With this mindset this board makes a lot of sense.
Ryder Johnson
OpenBSD has no support for hardware video decoding acceleration like VA-API, meaning you're going to waste nearly 100% of your CPU to decode 1080p/60fps youtube videos. It's basically unusable on the desktop unless you're rms.
Isaac Ortiz
>they laugh at my OS ZOMG time to call Sup Forumseddit army!1!!!1111
Windows is shit. *nix is not yet, though Poettering and his cocksuckers are working hard to "fix" it
Did you know that your great patched OS renders scrollbars in the kernel space?
Gabriel Nelson
probably an ugly person
Owen Green
Apple uses it in all their Airport products.
Luke Watson
A Trump.
Jayden Watson
This is a local exploit that is really complicated. It's not that bad.
Juan Brooks
Works on my machine
Airport devices use NetBSD
Luis Taylor
>that filename
Zachary Peterson
cpu is meant to be used.
Benjamin Davis
>being this salty because you got told hard
Hypocrisy may be one of your "qualities", both operating systems have their own shit but at least I don't get butthurt because of it.
Or should I assume you like to suck Stallman's cock too like those freetards just because you don't like Windows?
Hudson Cook
I dunno man. Rendering scrollbars in kernel space seems pretty bad.
Adam Gonzalez
It is. But that doesn't mean the neighbor's grass is greener as well, as you can see from this thread.
Samuel Reyes
a stack overflow in its most basic form
W e W
really doing cutting edge research
Sebastian Taylor
L M A O
You get what you pay for Linuxtards
Dylan Wilson
HAHAHAHAHAHA FREEKEKS BTFO!!!1!!!!
Landon Bennett
What are the steps for this attack exactly?
Someone please tell.
Brayden Young
I think I'll be fine.
Nicholas Butler
with every exploited bug Linux is only getting stronger
Ethan Williams
Lack of available consumer hardware makes MIPS pretty much unusable for anything other than embedded.
Gavin Perez
isn't lemote MIPS?
i wish i could find lemote hardware for cheap somewhere
Asher Powell
I guess that explains why Windows is so secure
Eli Diaz
I wish I could find a place where Lemote hardware could be purchased AT ALL. Is it really that hard for them to just put their laptop on Amazon and let freetards buy their shit?
Brody Turner
ayyyyyy you like modern web browsers?
Luis Cox
>they put their code on the stack
Christopher Brooks
It's much simpler than that. Sup Forums is filled with counter-culture nerds that desperately want to be snowflakes, so they latch on to everything contrary to pop culture.
Of course, much like the Hot Topic mall goths who wear those hilariously ironic shirts, they end up all being the same as the other 'non-conformists', despite their intent.