A 10-year old root exploit was found in the Unix “man” program used for displaying system documentation

A 10-year old root exploit was found in the Unix “man” program used for displaying system documentation.
The “man trap exploit” is triggered when certain key combinations and escape sequences are triggered in malicious man pages, which would be able to use the screen buffer memory to replay login details. Infected man pages have been found in the core utilities of virtually every Linux and BSD distribution.

“This is shocking”, said security expert Justin Case. “Not only in that it works, but that it has gone undetected for so long.”
Security patches were responsibly disclosed to distribution maintainers 3 months before the time of writing. System administrators are recommended to update to the latest patch in line with good security practices.
“Our main consolation is that the exploit requires you to actually read a man page from start to finish. As that has never in the history of computing actually happened, we’re pretty sure there were no victims.”

>and BSD distribution
MUH SEKURITY

>“man trap exploit”

This is now a trap thread.

>the exploit requires you to actually read a man page from start to finish. As that has never in the history of computing actually happened,
nice, I thought everyone else was reading the whole thing I feel better now

sudosatirical.com/articles/10-year-old-root-exploit-found-in-man-command/

...

"While OpenBSD already mitigates the exploit through judicious use of pledge in man(1), the team has decided to randomize the content and layout of all man pages…"

>needing/having "man" on your system
This is not a problem for secure environments run by non retards.
I'm serious here, how is this actually a problem for anyone else than the typical "muh rice" Linux fanboy?

>“Our main consolation is that the exploit requires you to actually read a man page from start to finish. As that has never in the history of computing actually happened, we’re pretty sure there were no victims.”
>t. I never used UNIX or related system before 1999
making it obvious, uh?

is there an actual source for this?

it's satire

I read the entire manpage for pacman how fucked am I

just so they can say nobody reads man pages?
who am i kidding, this is just so op can make a trap thread

How does it get root? it runs as your user

The joke requires you to read the post from start to finish. Since that didn't happen, we're pretty sure no one got it.

I think that irony is funnier than the OP.

Checked

>>Security patches were responsibly disclosed to distribution maintainers 3 months before the time of writing.
I'm guessing it's fix'd.

>“Our main consolation is that the exploit requires you to actually read a man page from start to finish. As that has never in the history of computing actually happened, we’re pretty sure there were no victims.”
ha ha ha, so funny.
I read whole man pages from section 3 all the time.
>Understand the interfaces which you are coding to! Most of the security (or simply bug) issues we audited out of our source tree are just that. The programmer in question was a careless slob, not paying attention to the interface he was using. The repeated nature of the same classes of bugs throughout the source tree, also showed us that most programmers learn to code by (bad) examples. A solid systems's approach should not be based on "but it works". Yet, time and time again, we see that for most people this is the case. They don't care about good software, only about "good enough" software. So the programmers can continue to make such mistakes. Thus, I do not feel all that excited about writing a book which would simply teach people that the devil is in the details. If they haven't figured it out by now, perhaps they should consider another occupation (one where they will cause less damage).
-Theo de Raadt

>using man instead of just copy pasting from stackoverflow

>b-but m-m-muh ppppeer review

>be random guy
>read man source code
>find exploit no one else noticed
>keep it a secret
>spend the next decade shitting on all linux systems that I come across
>incorporate it into a literal botnet
>use as privilege escalation
>mfw my bot doesn't need sudo
wew lads

sudosatirical.com/articles/10-year-old-root-exploit-found-in-man-command/

>no links
Fabricated story

>link posted twice
>still fabricated

...

>same link, exact same text as posted in OP
>no secondary sources
>in fact no sources at all
>no reference to bug anywhere on the internet

>I fuck men in the ass. My dick is a turd spatula. I have consumed human feces during a sex act.
-Theo de Raadt

look at other posts on that site, they're all jokes/satire

>the site has satire in its name it must be satire
Back to l eddit.

>man has a bug that allows screen buffer memory replay
That's not how screen buffers work, not to mention that modern computers use graphic cards now and no longer write directly to screen buffers.

>"""bug""" is nicknamed "man trap"
Come on, this is an obvious giveaway.

where did i say that?

also;
sudosatirical.com/about/
>"Everything here is for the purpose of satire and that is rather obvious… "

I'm not even the original person you were talking to

that was a response to the contents of one post only, can't not be the person i was responding to

>security expert Justin Case
kek
nice bait user

>can't not be

what an absolute shit thread

sauce and chilli please

better bump it then, fucking idiot

yea, everyone on this board deserves to see this absolute garbage

>Justin Case
come on, retards