by Retr0id 353 days ago
I got AI-generated vibes from the banner image, which surprised me because I wouldn't expect someone to generate something so trivial.

So I investigated, lining up the real Spotify logo in GIMP - it doesn't match up, the details are different!

But then I checked the image metadata:

`Actions Software Agent Name : GPT-4o, OpenAI API`

Doh, I should've saved time and checked that first. TIL OpenAI explicitly watermarks their output images via metadata. It even has c2pa signatures (which I didn't bother trying to verify).

2 comments

After that hint, I thought I'd give the code a quick audit. The install script adds sudoers rules to allow the ebaf executable to be run with no password[0] (and also to `pkill -P` any PPID).

The ebaf executable checks the current directory by default, to look for the ebpf code to load[1].

So, running the install script allows any ebpf code to be loaded into the kernel without a sudo password. You probably don't want this! (I'm pretty sure that'd be enough for a root LPE)

Further, the ebaf executable writes logs to a file named `/tmp/ebaf-stats.dat` [2]. An unprivileged user could put a symlink here, causing the destination file to get clobbered.

It also re-resolves all domain names every 600 seconds. Given that there are over a thousand domains listed, that's quite a lot of DNS traffic! [3]

Also, the "web dashboard" claims to listen on localhost, but it actually listens on INADDR_ANY [4]

[0] https://github.com/Kazedaa/eBAF/blob/8f88cefe0b5a837aa99f454...

[1] https://github.com/Kazedaa/eBAF/blob/8f88cefe0b5a837aa99f454...

[2] https://github.com/Kazedaa/eBAF/blob/8f88cefe0b5a837aa99f454...

[3] https://github.com/Kazedaa/eBAF/blob/8f88cefe0b5a837aa99f454...

[4] https://github.com/Kazedaa/eBAF/blob/8f88cefe0b5a837aa99f454...

The README itself is also very much in the style of ChatGPT. It loves to overuse rhetorical questions.

What I find most interesting is that it apparently didn’t trigger their content filters which, at least previously, were also blocking piracy stuff.
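Added example, not part of the thread or of the eBAF code: one way a privileged process can open a stats file so that a symlink planted at a predictable path (the `/tmp/ebaf-stats.dat` issue raised in the audit comment above) is refused instead of followed. The function names and the temporary paths are hypothetical, and the symlink scenario is constructed for the demonstration.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: open a stats file for rewriting without following
 * a symlink planted at `path`. Returns an fd, or -1 if the path is unsafe. */
int open_stats_file(const char *path)
{
    /* O_NOFOLLOW: fail (ELOOP) if the final path component is a symlink.
     * No O_TRUNC here: nothing is modified until the checks below pass. */
    int fd = open(path, O_WRONLY | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0644);
    if (fd < 0)
        return -1;
    struct stat st;
    /* Inspect the opened object (fstat), not the path, so there is no race. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() ||  /* file pre-created by another user */
        st.st_nlink != 1 ||        /* hard link to some other file */
        ftruncate(fd, 0) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed scenario: a symlink at the stats path pointing at a "victim"
 * file. Returns 1 if the open is refused and the victim is left untouched. */
int demo_symlink_rejected(void)
{
    char dir[] = "/tmp/stats-demo-XXXXXX", victim[64], lnk[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(lnk, sizeof lnk, "%s/stats.dat", dir);
    FILE *f = fopen(victim, "w");
    if (!f) return -1;
    fputs("important", f);  /* 9 bytes that must survive */
    fclose(f);
    if (symlink(victim, lnk) != 0) return -1;
    int fd = open_stats_file(lnk);
    struct stat st;
    int ok = fd < 0 && stat(victim, &st) == 0 && st.st_size == 9;
    if (fd >= 0) close(fd);
    unlink(lnk); unlink(victim); rmdir(dir);
    return ok;
}
```

Keeping the file in a directory that only root can write to removes the predictable world-writable path altogether; the checks above are a second layer for cases where the path cannot move.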