codemicro/website
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

typo

Browse source
This commit is contained in:
akp 2025-06-15 17:16:12 +01:00
parent d075f99338
commit df82084b46
1 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

2
site/blog/breaking-secnet-assignments/content.md
View file

@ -114,7 +114,7 @@ So, armed with this knowledge and the source code, it's trivially simple to comm
This entire attack was possible because I have the VM's disk image right here on my computer and I can do absolutely whatever I want to it, such as overriding its access control settings.
Within the aims of the module this is fine - this is an introuction to security module so if you can exploit it like this, you're not really the target audience and you've already achieved the aims of the module.
Within the aims of the module this is fine - this is an introduction to security module so if you can exploit it like this, you're not really the target audience and you've already achieved the aims of the module.
That said, if we're trying to make this attack impossible, something like hosting a remote VM for each student enrolled on the module that could be accessed only via SSH. This way, with appropriate access control measures, there'd be no way to dump secrets from `/root` short of a kernel bug. Realistically though, hosting 330 VMs like that would never fly - it's simply too expensive and time-consuming versus the benefit gained.