Sway and hidepid

TL;DR: Mounting /proc with hidepid can prevent you from executing Sway as an unprivileged user from a tty.

Update (August 31): As expected, newly released wlroots 0.7.0 fixes this issue!

Following some reading about differences between X11 and Wayland, I decided to try the later out. I …

more ...

Linux Security Modules (Part 2)

This is the second part of an article about Linux Security Modules. You may want to read part one first.

Integration of an LSM to the Linux kernel

First of all, one should take a look at the include/linux/lsm_hooks.h file. You can see the following lines at …

more ...

Linux Security Modules (Part 1)

During last winter, I spent some time studying rootkits targeting the Linux kernel and I developed a tiny Linux Security Module (LSM) logging some events possibly related to rootkit presence. I might write an article or two on that subject but for now, I’d like to describe a bit …

more ...

Bypassing ASLR: Overwriting The .dynamic Section

I was recently confronted with a software exploit challenge on a CTF website that took me much more time to flag that I would have expected at first. The solution was closed to another one I knew but which was not working. I will provide a quick write-up of this …

more ...

Create Your Own Linux Container Using Namespaces

As part of a school project on OS-level virtualization, I am currently studying Linux kernel mechanisms that are responsible for isolation in containers. I found this very interesting talk about what containers are made from, by Jérôme Petazzoni from Docker. It ends with a quick demonstration which consists of …

more ...