Re: [go-nuts] Security implications of exposed Go runtime anon pipes

2025-01-09 Thread 'TheDiveO' via golang-nuts
On Linux, you can interfere with any process via the process filesystem typically mounted at /proc in several creative ways, given you have access rights to a particular process. CAP_SYS_PTRACE isn't just for the ptrace syscall, but also for access inside /proc. The open file descriptors of Lin

Re: [go-nuts] Security implications of exposed Go runtime anon pipes

2025-01-09 Thread Ian Lance Taylor
On Thu, Jan 9, 2025 at 10:22 AM Moritz Sanft wrote: > > Thanks for your swift response. Let me clarify some things that I didn't seem > to convey well in my initial question. > > Probably the most important; I'm not looking to disclose a vulnerability in > Go here. If I was to disclose that, I w

Re: [go-nuts] Security implications of exposed Go runtime anon pipes

2025-01-09 Thread Moritz Sanft
Hey Ian! Thanks for your swift response. Let me clarify some things that I didn't seem to convey well in my initial question. Probably the most important; I'm not looking to disclose a vulnerability in Go here. If I was to disclose that, I would use the points of contact you've mentioned. I'm

Re: [go-nuts] Security implications of exposed Go runtime anon pipes

2025-01-09 Thread Ian Lance Taylor
On Thu, Jan 9, 2025 at 9:16 AM Moritz Sanft wrote: > > I've recently come across a Go application with an arbitrary file write > vulnerability restricted to `/proc/self`. After researching for a little, > I've found the following article which exploits such a vulnerability in a > NodeJS applica

[go-nuts] Security implications of exposed Go runtime anon pipes

2025-01-09 Thread Moritz Sanft
Hey there! I've recently come across a Go application with an arbitrary file write vulnerability restricted to `/proc/self`. After researching for a little, I've found the following article which exploits such a vulnerability in a NodeJS application, escalating it into remote code execution by