Does anybody know the origin story of the beep bug (CVE-2018-0492)? How was it discovered?

@Kensan I'm surprised it didn't have a security hole found in it earlier. It's had segfaults fixed in its before.

@Kensan impressive that they found an exploitable race involving signals though, rather than some garden-variety buffer overflow

@joeyh I am just wondering about the story behind it’s discovery because I doubt somebody was actively looking into beep... but if they were then I would imagine the why would be interesting as well :)


@Kensan not uncommon for people to look over suid programs

often a well-targeted grep across a bunch of software can find you a security hole, for example see

Sign in to participate in the conversation

Octodon is a nice general purpose instance. more