Posted by Roman Fiedler on Feb 18

Hello List,

100% reliable exploitation of file system time races (TOCTOU
vulnerabilities) may be hard as the timing depends on numerous
target system parameters (CPU cores, load, memory pressure, file
system type, …). Instead of optimizing the exploit to win the
real race, the timing of Firejail stderr and stdout output was
analyzed. With the correct parameters known the Firejail process
can be frozen exactly in the right moment when…
Read More – Full Disclosure

By |2021-02-19T01:19:25+00:00February 19th, 2021|