Posts by

Off to the PTraces
July 17, 2019
Yesterday, a privilege escalation bug in the ptrace syscall was made public by Jann Horn at Project Zero, deemed CVE-2019-13272. The culprit was broken permission and object lifetime handling by the PTRACE_TRACEME request, which basically let Linux processes ask an attacker to “trace me like one of your French girls.” Why it’s cool: This vuln […]