com.fightcade.Fightcade-ARCHIVE
securitylab
com.fightcade.Fightcade-ARCHIVE | securitylab
---|---
2 | 6
2 | 1,332
- | 2.1%
6.5 | 5.8
over 3 years ago | about 1 month ago
Shell | C
GNU General Public License v3.0 only | MIT License
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
com.fightcade.Fightcade-ARCHIVE
- What problems do people solve with strace?
But more recently I ran into an issue when sandboxing a proprietary application, and thankfully was able to find a solution. Here's a link to the issue on GitHub if anyone is interested - it includes the full straces, too.
- Don't like Snaps/Flatpaks? Now, there is an unofficial version of spotify that works with your regular package manager and still keeps up-to-date!
The files in the CI don't need to be in the Git repo; I've used GitHub CI in the past to build a Flatpak with Wine which was huge and took 40 minutes per run: https://github.com/Pobega/com.fightcade.Fightcade-ARCHIVE/actions
securitylab
- Gaining kernel code execution on an MTE-enabled Pixel 8
news.ycombinator.com/item?id=397522…
First an important point: we only research open source code, which means that many parts of your phone (for example most of your apps) are out-of-scope for us. That said, all open source code is in-scope, including projects that aren’t hosted on GitHub. (Quote tweet reply to this tweet [2])
In this particular case, @mmolgtm found a bug in Arm Mali, which is an open source GPU driver used on many Android phones. Android itself is open source. https://developer.arm.com/downloads/-/mali-drivers/valhall-k...
Open source software is the foundation of much of the world’s software. So when open source wins, we win. And that’s why @GitHub takes its responsibility seriously, to help make open source software more secure.
GitHub Security Lab sits within @GitHubSecurity, and we focus exclusively on open source security with four main priorities:
First, we run the GitHub Advisory Database, which is a comprehensive database of open source vulnerabilities. https://t.co/U4HlXO2l1G
Second, we share information around secure coding practices, through blogs and video content. https://t.co/EdO5SZtR0B
Third, we use GitHub’s CodeQL to scan thousands of open source repositories for common security mistakes, like SQL injections or path traversals. https://t.co/m72rt2a5RL
And fourth, we do deep research on critical open source projects. @mmolgtm’s recent work on Arm Mali is an example of this. https://t.co/jxVYeoJjtO
The work that we do feeds into GitHub’s security products. For example, the advisory database is used to generate Dependabot alerts. https://docs.github.com/en/code-security/dependabot/dependab...
Similarly, our work with CodeQL provides feedback to the code scanning team to help improve and further develop the feature so that more vulnerabilities are caught quickly and automatically. https://docs.github.com/en/code-security/code-scanning/intro...
And these activities also benefit open source, because GitHub security products, including Dependabot and CodeQL, are free for open source projects!
Our deep research work is primarily intended to inspire the community, so that we can improve open source security together. That’s why we publish detailed blog posts and proof-of-concept exploits.
https://github.com/github/securitylab/tree/main/SecurityExpl...
We’re big believers in Linus's law: “given enough eyeballs, all bugs are shallow”. Together, we’re making open source software secure. https://en.wikipedia.org/wiki/Linus%27s_law
[1]: https://x.com/ghsecuritylab/status/1770940743944720557
[2]: https://x.com/zemarmot/status/1681008991663423489
- Rooting with root cause: finding a variant of a Project Zero bug
Man Yue Mo used a race condition bug to make GPU access freed memory and gained root from the untrusted_app context on Pixel 6.
- Corrupting memory without memory corruption
The bug allows mapping arbitrary physical pages to the GPU memory with both read and write access. The exploit gets arbitrary kernel code execution on Pixel 6, disables SELinux, and gains root.
- Is GitHub Safe for Commercial Use? (just project management)
maybe ask here https://securitylab.github.com/.
- [Java] CWE-502: Unsafe deserialization with three JSON frameworks · Issue #373 · github/securitylab
- Don't like Snaps/Flatpaks? Now, there is an unofficial version of spotify that works with your regular package manager and still keeps up-to-date!
The number of packages with filesystem=root. Also this:
What are some alternatives?
docker-wine - Docker image that includes Wine and Winetricks for running Windows applications on Linux and macOS
Unofficial-Spotify - Unofficial up-to-date linux Spotify package derived from the Snap Package.
pacman-for-k8s - Pac-Man the classic arcade game - deployment files for VMware Tanzu and other Kubernetes distributions.
ncspot - Cross-platform ncurses Spotify client written in Rust, inspired by ncmpc and the likes.
Backroll - Unity C# Port of GGPO built atop Hourai Networking
ggrs - GGRS is a reimagination of GGPO, enabling P2P rollback networking in Rust. Rollback to the future!
com.cisco.PacketTracer - A Flatpak manifest for Cisco's Packet Tracer.