for whatever reason, unknown to me, hn automatically strips "how" from the start of titles. i cant remember ever seeing a title where this was an improvement.
Titles are standard clickbait.
I do think this would genuinely be useful.
The fact that LLMs usually generate anodyne summaries is actualy a benefit here.
I used my website-to-markdown tool[0] to get the text, piped the output to claude -p and got a pretty decent "Patching Copy Fail at scale: how bpf-lsm bought us time before the kernel reboot" result.
Before: Teens break record for world's longest kickball game
After: Teens break record for longest kickball game
> https://news.ycombinator.com/item?id=48018715 "How do I inform Windows that I’m writing a binary file?"
I wonder if it ending in a '?' has anything to do with it?
edit: Upon review, at the time of posting it was actually on the 2nd page
Although given the tendency for end point logging agents to run on buffers to reduce their network chattiness I do wonder if a fast acting exploit could dump that buffer before it manages to be transmitted.
I don't think any of the agents are complex enough to immediately transmit permission elevation log messages over the regular background noise.
I'd like to know what those distinctive traces are, which is also missing :(
It sounds great but that could be as low as 50.1% since they don't provide an actual percentage.
CopyFail only highlights why Companies want LTS. If there was a supported kernel built prior to 2017, most large companies would still be on that version, avoiding this issue all-together.
The corporate mindset is usually "never upgrade unless there is new hardware needed or critical software failure". All CopyFail did was reinforce that mindset.
I wonder if CopyFail will cause enterprises put pressure on the Linux Foundation to maintain a "ultra LTS" were it is supported for 20 years ?
Sadly not really how it works for say Red Hat. They routinely backport features while keeping whatever "stable" number on kernel. We even had displeasure of them backporting a bug... same bug to 2 different RHEL versions
* Get list of modules from Puppet's facts, confirm module isn't used anywhere (it wasn't) * `install algif_aead /bin/false` in /etc/modprobe.d/disable-algif.conf * Run a check using exploit code to check it is no longer working
I imagine CF runs more stuff that could use it I guess but apparently it's not often used API
skinfaxi•1h ago
> One of the first things our security team did was confirm that our existing endpoint detection would catch this exploit. Our servers run behavioral detection that continuously monitors process execution patterns. It doesn't rely on knowing about specific vulnerabilities; it watches for anomalous behavior across the fleet.
CGamesPlay•1h ago
jeffbee•1h ago
CGamesPlay•1h ago
jeffbee•53m ago
Retr0id•48m ago
I have a fileless, execless copyfail exploit that works by injecting shellcode directly into systemd's pid 1. (I should probably publish it at some point...)
jeffbee•39m ago
There's no reason the task should even be assumed to be executing code in a file. A process can map code into anonymous memory and continue executing there without even branching. Again this is considered a feature of the system rather than a flaw.
parliament32•1h ago
In a serious environment you'd run IPE with dm-verity/fs-verity to ensure binaries are whitelisted and integrity-checked at every execution.
staticassertion•32m ago
dboreham•49m ago
mobeigi•45m ago
staticassertion•31m ago
skinfaxi•17m ago