
Make sure you use URL-safe base64 or the portions that look like a path can get mangled

MII//epi

Is converted to MII/epi


That would be broken software.

https://en.wikipedia.org/wiki///


I couldn't get the POC to work with my version of Python so I had ChatGPT convert it to C [0] and was able to verify my Slackware system does not appear to be affected, but my NixOS system would be if I had any world-readable suid binaries (I had to make one to test it).

[0] https://rkeene.org/viewer/tmp/copy_fail_exp.c.htm


Don't you have like, a sudo in /run/wrappers/bin?

EDIT: Sorry, I failed at reading your message. Never mind.


Interestingly it fails for me because my `su` isn't world-readable:

  $ stat /bin/su
    File: /bin/su
    Size: 59552           Blocks: 118        IO Block: 59904  regular file
  Device: 0,52    Inode: 796854      Links: 1
  Access: (4711/-rws--x--x)  Uid: (    0/    root)   Gid: (    0/    root)
  Access: 2023-09-18 13:23:03.117105665 -0500
  Modify: 2021-02-13 05:15:56.000000000 -0600
  Change: 2023-09-18 13:23:03.119105665 -0500
   Birth: 2023-09-18 13:23:03.117105665 -0500
I'm not sure I have any setuid/setgid binaries that are world-readable...


A workaround might be to make all setuid/setgid files non-world-readable because then they cannot be opened at all, and thus there is no setuid file to replace the contents of.


Eh, if you can pollute page caches this won't save you.

Think modifying shared libraries, ld preload, cron, I guess on some systems /etc/passwd even.

There are a lot of files readable that should definitely not be writable.


Fair enough -- a simpler change might be to poison /etc/passwd and call `su` to a user that has uid 0, since that requires no shell code nor a readable binary, and this seems to have worked in a slightly modified POC:

  f=g.open("/etc/passwd",0);
  e="rkeene:x:0:0:System administrator:/root:/run/current-system/sw/bin/bash\n".encode()
  ...
  g.system("/run/wrappers/bin/su - rkeene")
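As an added example (not code from the thread or from the PoC), a defensive check for the two conditions discussed above: world-readable setuid/setgid binaries, which the PoC has to be able to open, and unexpected uid-0 entries in /etc/passwd, which the modified PoC would leave behind. The sample passwd text is constructed.

```python
import os
import stat

def is_world_readable_setid(mode):
    """True for the mode bits the PoC needs: setuid or setgid plus world-read.
    A 4711 (-rws--x--x) su, as in the stat output above, is setuid but not readable."""
    return bool(mode & (stat.S_ISUID | stat.S_ISGID)) and bool(mode & stat.S_IROTH)

def world_readable_setid_files(root):
    """Walk `root` and return the regular files that are set-id AND world-readable."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)   # lstat: do not follow symlinks into other trees
            except OSError:
                continue              # unreadable entries are skipped, not fatal
            if stat.S_ISREG(st.st_mode) and is_world_readable_setid(st.st_mode):
                hits.append(path)
    return sorted(hits)

def extra_uid0_accounts(passwd_text):
    """Return account names with uid 0 other than root, i.e. the kind of entry a
    poisoned /etc/passwd such as the one in the modified PoC would carry."""
    extra = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 7:
            continue                  # skip blank, comment or malformed lines
        name, uid = fields[0], fields[2]
        if uid == "0" and name != "root":
            extra.append(name)
    return extra

# Constructed sample passwd content (not a real file) with one extra uid-0 entry.
SAMPLE_PASSWD = (
    "root:x:0:0:root:/root:/bin/bash\n"
    "daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\n"
    "demo:x:0:0:System administrator:/root:/bin/bash\n"
)

if __name__ == "__main__":
    # On NixOS the wrappers live under /run/wrappers/bin rather than /usr/bin.
    for path in world_readable_setid_files("/usr/bin"):
        print("world-readable set-id binary:", path)
    with open("/etc/passwd") as fh:
        print("uid-0 accounts besides root:", extra_uid0_accounts(fh.read()))
```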


There is a PoC that does exactly that here: https://github.com/tgies/copy-fail-c


It being readable is the default configuration most places; after all, the purpose is to call it from a non-privileged user. But I could see it being made non-readable since its use is discouraged nowadays... though then I'd expect sudo to be readable as an alternative.


My `sudo` is also not readable. Files/directories don't need to be readable to be executed. I can still use `su` and `sudo`.


Oh yeah, duh.

Still every machine I've looked at, and I've since looked at a couple more, has it r-x for world.


We created Keeta Agent [0] to do this on macOS more easily (also works with GPG, which is important for things that don't yet support SSH Signatures, like XCode).

Since it just uses PKCS#11, it also works with tpm_pkcs11. Source for the various bits that are bundled is here [1].

Here's an overview of how it works:

1. Application asks to sign with GPG Key "1ABD0F4F95D89E15C2F5364D2B523B4FDC488AC7"

2. GPG looks at its key database and sees GPG Key "1ABD...8AC7" is a smartcard, reaches out to Smartcard Daemon (SCD), launching if needed -- this launches gnupg-pkcs11-scd per configuration

3. gnupg-pkcs11-scd loads the SSH Agent PKCS#11 module into its shared memory and initializes it and asks it to List Objects

4. The SSH Agent PKCS#11 module connects to the SSH Agent socket provided by Keeta Agent and asks it to List Keys

5. Key list is converted from SSH Agent protocol to PKCS#11 response by SSH Agent PKCS#11 module

6. Key list is converted from PKCS#11 response to gnupg-scd response by gnupg-pkcs11-scd

7. GPG reads the response and if the key is found, asks the SCD (gnupg-pkcs11-scd) to Sign a hash of the Material

8. gnupg-pkcs11-scd asks the PKCS#11 module to sign using the specified object by its Object ID

9. PKCS#11 module sends a message to Secretive over the SSH Agent socket to sign the material using a specific key (identified by its Key ID) using the requested signing algorithm and raw signing (i.e., no hashing)

10. Response makes it back through all those same layers unmodified except for wrapping

(illustrated at [2])

[0] https://github.com/KeetaNetwork/agent

[1] https://github.com/KeetaNetwork/agent/tree/main/Agent/gnupg/...

[2] https://rkeene.org/tmp/pkcs-sign.png
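Steps 4 and 9 above cross the SSH agent socket. As an added example (not Keeta Agent's or gnupg-pkcs11-scd's code), here is the wire encoding of the standard SSH agent protocol's request-identities and sign-request exchange, with constructed sample replies. The raw, unhashed signing mode in step 9 is an agent-specific extension and is not modelled; only the standard RSA SHA-2 flag is.

```python
import struct
# Message numbers and flags from the SSH agent protocol (draft-miller-ssh-agent).
SSH_AGENTC_REQUEST_IDENTITIES, SSH_AGENT_IDENTITIES_ANSWER = 11, 12
SSH_AGENTC_SIGN_REQUEST, SSH_AGENT_SIGN_RESPONSE = 13, 14
SSH_AGENT_RSA_SHA2_256 = 0x02  # flag asking an RSA key to sign with rsa-sha2-256

def ssh_string(b):
    """SSH 'string': uint32 big-endian length + bytes; also frames whole messages."""
    return struct.pack(">I", len(b)) + b
def read_string(buf, off):
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated string")
    return buf[off + 4:off + 4 + n], off + 4 + n
def request_identities():
    """Step 4: the PKCS#11 module asks the agent to list its keys (framed)."""
    return ssh_string(bytes([SSH_AGENTC_REQUEST_IDENTITIES]))
def parse_identities_answer(msg):
    """Return [(public key blob, comment)] from an unframed IDENTITIES_ANSWER."""
    if msg[0] != SSH_AGENT_IDENTITIES_ANSWER:
        raise ValueError("unexpected message type %d" % msg[0])
    (nkeys,) = struct.unpack_from(">I", msg, 1)
    off, keys = 5, []
    for _ in range(nkeys):
        blob, off = read_string(msg, off)
        comment, off = read_string(msg, off)
        keys.append((blob, comment.decode("utf-8", "replace")))
    if off != len(msg):
        raise ValueError("trailing bytes after key list")
    return keys
def sign_request(key_blob, data, flags=0):
    """Step 9: ask the agent to sign `data` with the key named by its blob (framed)."""
    body = bytes([SSH_AGENTC_SIGN_REQUEST]) + ssh_string(key_blob) + ssh_string(data)
    return ssh_string(body + struct.pack(">I", flags))
def parse_sign_response(msg):
    """Return (signature format name, raw signature bytes) from an unframed reply."""
    if msg[0] != SSH_AGENT_SIGN_RESPONSE:
        raise ValueError("unexpected message type %d" % msg[0])
    sig, _ = read_string(msg, 1)      # outer string wraps the signature blob
    fmt, off = read_string(sig, 0)    # e.g. b"ssh-ed25519"
    return fmt.decode(), read_string(sig, off)[0]

# Constructed sample agent replies (unframed bodies; not captured from a real agent).
DEMO_KEY = ssh_string(b"ssh-ed25519") + ssh_string(bytes(32))
SAMPLE_ANSWER = (bytes([SSH_AGENT_IDENTITIES_ANSWER]) + struct.pack(">I", 1)
                 + ssh_string(DEMO_KEY) + ssh_string(b"keeta-demo"))
SAMPLE_SIGNATURE = bytes([SSH_AGENT_SIGN_RESPONSE]) + ssh_string(
    ssh_string(b"ssh-ed25519") + ssh_string(bytes(64)))
```

A real client sends `request_identities()` to the socket in `SSH_AUTH_SOCK`, strips the 4-byte length prefix from the reply, and hands the body to `parse_identities_answer`.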


I usually just move all the files to a new directory (/oldroot) and pivot_root -- any open files reference the new paths. Then install into the newly empty root directory of the filesystem, reboot and delete the /oldroot.


Don't you get any errors even if you race immediately to start pivot_root? pivot_root also won't modify all open file descriptors at once. Seems it's not fatal, but have you managed to do this over ssh and not be disconnected?


I don't know what you mean regarding pivot_root affecting file descriptors, because they are not modified: they point to new names because the enclosing directory has been moved/renamed. There is a small race between moving items in the root directory, and again after moving all items and before starting pivot_root, but that race doesn't involve file descriptors; it involves opening at the old paths before the new one is established. Lots of things use openat() these days, though, so it doesn't really even occur in most cases.


I didn't know file descriptors worked like that admittedly. Also instead of moving the files couldn't we copy them to the new root and pivot_root then?


That sounds like the best way if keeping the filesystem is an option. In my case I wanted to also change filesystems and apply FDE, which is possible to do if the original filesystem supports online shrinking but many do not.


To me, the biggest issue is that it seems to think of computers as something you use while being near and having only one user at a time accessing, whereas computers you use might be far away and have thousands of people accessing them per day with hundreds of concurrent users and tens of thousands of accounts.

If you don't intentionally allow accounts access to any app stores, do you still need to collect the data? It says to collect it, and that's the purpose, but it doesn't say if you're not permitting that purpose you don't have to collect it.


That's an issue to you; I, personally, love the idea of submitting my ID to a McDonald's kiosk before ordering.

Maybe that would finally push them to make kiosks that run entirely without OS. I expect a big enough Rube Goldberg machine could do the task if not as efficiently, then at least in a more entertaining way.


Well, not really because that part doesn't grant the US President arbitrary powers to perform any action that would result in regulation (for example, he is not given the power to go around killing random people even if doing so would effectively regulate international trade; he can't declare war on another country even if doing so would be the best way to effectuate regulation of trade with another country) it gives him the OBLIGATION to perform regulation, using the powers delegated to him.

If giving the US President unlimited and arbitrary authority as long as they can claim it was useful for meeting a legal obligation created by Congress were the correct interpretation, then we need look no further than the "Take Care" clause of the US Constitution, where the US President is given the obligation to take care that all laws are faithfully executed -- which, with this interpretation, would mean that any action would be under the purview of the US President as long as they could claim that doing that action resulted in the laws being faithfully executed.


Good news! It is against the law (i.e., illegal) for a US President to impose tariffs (on a whim or otherwise) -- a US President doing so is doing so illegally and without constitutional authority!

When the US President commits crimes as the US President, he has absolute immunity from prosecution (otherwise, he might not be emboldened to break the law) so there is no judicial recourse, but the US Congress can still see the illegal activity and impeach and remove him from office to stop the execution of illegal activity. As our representatives within the US Government, they are responsible to us to enact our legislative outcomes. It appears they have determined that the illegal activity is what we wanted, or there would be articles of impeachment for these illegal acts.

The legislative branch can of course deliberately impose tariffs at any time for the reasons you listed.


This misses the point that tax exemptions are the way politicians campaign for voter blocs. Having different kinds of taxes makes it easier to target voter blocs more precisely.


Also why num/num32 for Integer types, and no floating point type


[author here] Very good questions; I definitely would like to revisit num32 very shortly. I'd say the initial rationale for having num32 is not coherent right now, but I'll have to verify removing the support.

We have a floating point type (it was missing from the type list in the readme. I have just updated that after seeing this comment. Thank you!)


Well, clarity would be achieved with a name like u64. Is num signed? What's the range? Is it integers or floating point? All these things are hidden. With u64 there would be no questions open. (Well a few maybe, like overflow behavior, but can't have it all..)


There cannot be any num32. num is a number, which can be fixed size integers, floating point numbers (of fixed size or not) or bigints. Some also add decimals

num32 being i32 or f32 makes no sense


Now we have only int64 for integer types and float64 for floating point types. Thanks everyone for your thoughtful feedback!


Neat!

