Playing with kernel TLS in Linux 4.13 and Go

Linux 4.13 introduces support for nothing less than... TLS! The 1600 LoC patch allows userspace to pass the kernel the encryption keys for an established connection, making encryption happen transparently inside the kernel. The only ciphersuite supported is AES-128-GCM as per RFC 5288, meaning it...

Playing with kernel TLS in Linux 4.13 and Go

Linux 4.13 introduces support for nothing less than... TLS! The 1600 LoC patch allows userspace to pass the kernel the encryption keys for an established connection, making encryption happen transparently inside the kernel. The only ciphersuite supported is AES-128-GCM as per RFC 5288, meaning it...

FreeBSD Security Advisory FreeBSD-SA-13:11.sendfile

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-13:11.sendfile Security Advisory The FreeBSD Project Topic: Kernel memory disclosure in sendfile2 Category: core Module: sendfile Announced: 2013-09-10 Credits: E...

FreeBSD -- Lost mbuf flag resulting in data corruption

Problem Description: The read-only flag is not correctly copied when a mbuf buffer reference is duplicated. When the sendfile2 system call is used to transmit data over the loopback interface, this can result in the backing pages for the transmitted file being modified, causing data corruption...

FreeBSD Security Advisory (FreeBSD-SA-08:03.sendfile.asc)

The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-08:03.sendfile.asc ADV FreeBSD-SA-08:03.sendfile.asc OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008...

FreeBSD Security Advisory (FreeBSD-SA-05:02.sendfile.asc)

The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-05:02.sendfile.asc SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

FreeBSD Security Advisory (FreeBSD-SA-08:03.sendfile.asc)

The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-08:03.sendfile.asc SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

FreeBSD sendfile(2)函数只写文件权限绕过安全限制漏洞

BUGTRAQ ID: 27789 CVECAN ID: CVE-2008-0777 FreeBSD就是一种运行在Intel平台上、可以自由使用的开放源码Unix类系统。 FreeBSD在处理文件的访问控制时存在漏洞，本地攻击者可能利用此漏洞获取敏感信息。 当进程打开文件（和其他文件系统对象，如目录）时，会指定访问标记说明所要进行的读、写或其他操作。会对这些标记检查文件系统权限，然后存储到所生成的文件描述符，以验证之后的操作。...