Show more

All the time when I'm installing NixOS on the server machine and forget to add swap.

Here are results of testing exploits from github.com/jollheef/lpe with the LKRG by Openwall (openwall.com/lkrg/)

For unprepared (no code to bypass LKRG) exploits it actually works well. Only CVE-2016-5195 (aka Dirty COW) still works.

Show thread

out-of-tree v1.4.0 has been released: github.com/jollheef/out-of-tre

Added ability to preload any supported kernel module just by a URL. It can be used to develop new mitigations and test existing exploits against them.

Checkout example of usage with LKRG here: github.com/jollheef/out-of-tre

Mastodon

lor.sh is yet another mastodon instance.