Pffft *spits coffee all over keyboard* So apparently on #Linux, usernames starting with "0x" are interpreted as hex numbers under certain circumstances. 🤪 That seems like asking for trouble... - ThreadSky

About ThreadSky

jschauma.mstdn.social.ap.brid.gy • 19 days ago

Pffft *spits coffee all over keyboard*

So apparently on #Linux, usernames starting with "0x" are interpreted as hex numbers under certain circumstances. 🤪 That seems like asking for trouble...

Comments

TimWardCam.c.im.ap.brid.gy•18 days ago

@jschauma You didn't use the right sequence of multiple nested multifarious quoting and escaping hieroglyphics, obvs. Try a few single and double quotes mixed up with random sequences of backslashes?

jschauma.mstdn.social.ap.brid.gy•19 days ago

Seems related to / variant of CVE-2020-13776, and guess what's that's #systemd. Because of course it is.

https://nvd.nist.gov/vuln/detail/CVE-2020-13776

https://github.com/systemd/systemd/issues/15985

isotopp.infosec.exchange.ap.brid.gy•19 days ago

@jschauma Somebody used a `sscanf("%i")` on user supplied numeric input, I presume.

The `-u` option allows names or UID. They are allowing numbers using `%i`, and that is a side-effect.

adamhotep.infosec.exchange.ap.brid.gy•19 days ago

@jschauma `ps -u` takes IDs or usernames, so I suspect this is limited to that exact program and no further.

r3pek.mastodon.r3pek.org.ap.brid.gy•18 days ago

@jschauma you actually made me go look at the code 😉

As you can see from the image, the parser tries to convert the "string" into a number and use it as an ID for the filter. It so happens that strtoul is able to parse "0x" strings as hex values, so this […] https://mastodon.r3pek.org/@r3pek/114502185235313282

Posting Rules

Be respectful to others
No spam or self-promotion
Stay on topic
Follow Bluesky's terms of service

Comments

Posting Rules

Reply