see shy jo is a user on You can follow them or interact with them if you have an account anywhere in the fediverse. If you don't, you can sign up here.

Does anybody know the origin story of the beep bug (CVE-2018-0492)? How was it discovered?

@Kensan I'm surprised it didn't have a security hole found in it earlier. It's had segfaults fixed in its before.

@Kensan impressive that they found an exploitable race involving signals though, rather than some garden-variety buffer overflow

@joeyh I am just wondering about the story behind it’s discovery because I doubt somebody was actively looking into beep... but if they were then I would imagine the why would be interesting as well :)

see shy jo @joeyh

@Kensan not uncommon for people to look over suid programs

often a well-targeted grep across a bunch of software can find you a security hole, for example see

· Web · 0 · 1