this post was submitted on 27 Jul 2023
908 points (98.3% liked)
Malicious Compliance
19593 readers
1 users here now
People conforming to the letter, but not the spirit, of a request. For now, this includes text posts, images, videos and links. Please ensure that the “malicious compliance” aspect is apparent - if you’re making a text post, be sure to explain this part; if it’s an image/video/link, use the “Body” field to elaborate.
======
-
We ENCOURAGE posts about events that happened to you, or someone you know.
-
We ACCEPT (for now) reposts of good malicious compliance stories (from other platforms) which did not happen to you or someone you knew. Please use a [REPOST] tag in such situations.
-
We DO NOT ALLOW fiction, or posts that break site-wide rules.
======
Also check out the following communities:
[email protected] [email protected]
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I'd love to hear more about this - do you do it professionally (for preventative reasons), as a side hobby, or as an attacker for malicious/selfish reasons? No judgement, genuinely curious as it takes a certain personality type to do this kind of work and I find it really interesting.
I think they just stare at it, hoping the vulnerabilities come to them in a moment of revelation. A Linux Joseph Smith, the kernel playing the part of the Golden Plates.
The small overlap of my two largest hobbies, programming and making fun of Mormons. Perfect.
OP said this happened in Utah, so maybe so!
Professionally
My title is senior vulnerability researcher. Focus on mobile devices. That’s all I can really say without doxing too much
But the Linux kernel is always a juicy target because of the coverage and exploit there gets you.
Neat. Why is Linux kernel relevant for many mobile users? Is iPhone built off of it the same way Mac OS is?
What do you mean by coverage and exploit?
MacOS and iOS have Darwin as their base, which is really a mutt. Apple started with the NeXTSTEP kernel, which was a mix of 4.3BSD and Mach, then folded in some FreeBSD, other open source components, and some in-house code.
It's Android that uses the Linux kernel as its base, and the millions of phones makes it a juicy target.
Not too surprising that iOS has linux in its DNA, but never realized Android does too. Always assumed it was more windows-based. Good to know.
iOS doesn’t have any Linux.
FreeBSD is not Linux. Linux is a kernel and Apple uses Mach, a different kernel. They do both share that they’re POSIX, but OS X is actual, factual, UNIX, and Linux has never paid the money to qualify.
My bad I'm conflating bash and Unix. From my end both apple and Linux use bash so they have the same underlying base...but I realize that's not accurate, and even unix and bash are not synonomous.
How different is the FreeBSD kernel from the Linux kernel?
Like in terms of interfaces, if I were to port a device driver, am I just changing some header files and some constants/enums/ifdefs?
Or there’s like entirely different function signatures / APIs?
I would look at the source of LinuxKPI to get an idea of how different they are.
Well of course I could go look at the source code. We had to write a hello world Linux module in college. Was just being lazy and thought some expert might give a quick synopsis.
Though based on your reply, I’m guessing they are more different than I imagined.
MacOS is based of a BSD distrobution of Unix. iOS is a fork of MacOS
Ah ok makes sense