**Kensan** @Kensan@mastodon.social · Apr 03, 2018, 20:33

**Kensan** @Kensan@mastodon.social · Apr 03, 2018, 20:33

Kensan @Kensan@mastodon.social

Does anybody know the origin story of the beep bug (CVE-2018-0492)? How was it discovered?

**see shy jo** @joeyh · Apr 03, 2018, 21:31

**see shy jo** @joeyh · Apr 03, 2018, 21:31

@Kensan I'm surprised it didn't have a security hole found in it earlier. It's had segfaults fixed in its before.

**see shy jo** @joeyh · Apr 03, 2018, 21:39

**see shy jo** @joeyh · Apr 03, 2018, 21:39

@Kensan impressive that they found an exploitable race involving signals though, rather than some garden-variety buffer overflow

**Kensan** @Kensan@mastodon.social · Apr 03, 2018, 21:41

**Kensan** @Kensan@mastodon.social · Apr 03, 2018, 21:41

@joeyh I am just wondering about the story behind it’s discovery because I doubt somebody was actively looking into beep... but if they were then I would imagine the why would be interesting as well :)

**see shy jo** @joeyh · 2018-04-03T21:44:55Z

see shy jo @joeyh

@Kensan not uncommon for people to look over suid programs

often a well-targeted grep across a bunch of software can find you a security hole, for example see https://blog.steve.fi/finding_and_reporting_trivial_security_issues.html

Apr 03, 2018, 21:44 · Web · 0 · 1

**Kensan** @Kensan@mastodon.social · Apr 03, 2018, 21:48

**Kensan** @Kensan@mastodon.social · Apr 03, 2018, 21:48

@joeyh Ah yes, suid raises attention.