codemicro/website
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

typo

Browse source
This commit is contained in:
akp 2025-06-15 17:16:12 +01:00
parent d075f99338
commit df82084b46
1 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
site/blog/breaking-secnet-assignments/content.md
View file

@ -114,7 +114,7 @@ So, armed with this knowledge and the source code, it's trivially simple to comm
This entire attack was possible because I have the VM's disk image right here on my computer and I can do absolutely whatever I want to it, such as overriding its access control settings.
Within the aims of the module this is fine - this is an introuction to security module so if you can exploit it like this, you're not really the target audience and you've already achieved the aims of the module.
Within the aims of the module this is fine - this is an introduction to security module so if you can exploit it like this, you're not really the target audience and you've already achieved the aims of the module.
That said, if we're trying to make this attack impossible, something like hosting a remote VM for each student enrolled on the module that could be accessed only via SSH. This way, with appropriate access control measures, there'd be no way to dump secrets from `/root` short of a kernel bug. Realistically though, hosting 330 VMs like that would never fly - it's simply too expensive and time-consuming versus the benefit gained.
@ -132,4 +132,4 @@ This was fun a fun little thing to meddle with for a while, but ultimately a poi
[^3]: The original VM is a VirtualBox image that I converted to `qcow2` format to use in QEMU. [Instructions here.](https://wiki.akpain.net/books/38059-operating-systems-and-systems-programming/page/converting-and-using-an-ova-image-in-qemu)
[^4]: Seeing this for the first time gave me the I-shouldn't-be-doing-this jittery adrenaline rush.
[^5]: I'm a little surprised that the source code was included as opposed to precompiled `.class` files to further obfuscate what's going on, but then again by this point, with the GPG encryption and all, I don't imagine the module team was focused on preventing me from meddling around as much as they were focused on getting a module out of the door.
[^6]: There are 4.6e16 possible 11 character long random hex strings so I'd wager a collision will never happen at this scale.
[^6]: There are 4.6e16 possible 11 character long random hex strings so I'd wager a collision will never happen at this scale.