Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
josephg
10 months ago
|
parent
|
context
|
favorite
| on:
XZ backdoor: "It's RCE, not auth bypass, and gated...
IFUNC and landlock could be debugged pretty easily at runtime, just by adding some instrumentation.
saagarjha
10 months ago
[β]
Yes but that requires you to know that someone will use it beforehand.
josephg
10 months ago
|
parent
[β]
Now that we know IFUNC can me misused like this, it would be pretty silly if we allow other, future exploits to use the same trick.
saagarjha
10 months ago
|
root
|
parent
[β]
ifunc was only used because itβs an obscure feature that is little-used and provides a way to convert a backdoor into easy execution. There are many others and it would be silly to try to catch them all.
Consider applying for YC's Spring batch! Applications are open till Feb 11.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
