Hacker News: barco

New comment by barco in "Debugging an Undebuggable App"

barco — Mon, 17 Feb 2025 22:28:42 +0000

Does iOS have something like PTRACE_SYSCALL to hook up on syscalls entry and maybe change the return value? (Or detect where the SVC is being made)

New comment by barco in "Anyone can access deleted and private repository data on GitHub"

barco — Thu, 25 Jul 2024 13:58:53 +0000

I reported a variant of this issue that (to me) was unexpected:

* You add someone to your private repo.

* After some time, you revoke their access.

As long as they keep a fork (which you can't control) they can use this same method to access new commits on the repo and commits from other private forks.

Back in 2018, this was a resolved as won't fix, but it also wasn't documented.

New comment by barco in "Address Sanitizer Internals"

barco — Sat, 15 Jun 2024 21:52:03 +0000

There are multiple versions of HWAsan.

One for ARMv8 with Top-Byte-Ignore: you can use the top byte of memory addresses to store a tag.

When you allocate memory you return the "tagged" pointer and internally store "this region has this tag".

When you dereference a pointer, you check that the tag matches what you expect in your internal data structure.

With memory tagging extensions you can do something similar but the checks are performed by the processor.

New comment by barco in "Automated Unit Test Improvement Using Large Language Models at Meta"

barco — Sat, 17 Feb 2024 14:52:50 +0000

If you name it `NUMBER_ELEMENTS_AVERAGED`, then when you add a new element to average, you will miss the fact that you also need to modify that value :)

You either have them on a list and calculate it dynamically based on the size, or have it as a magic number.

New comment by barco in "Tell HN: GitHub will delete your private repo if you lose access to the original"

barco — Wed, 01 Feb 2023 01:37:35 +0000

Given the nature of super forks in GitHub, if you are no longer a contributor, but keep your fork, you would be able to see the commits that happen in the original repo and all its forks.

There used to be a way to bypass the deletion, which was to clone into a organization. That way, GitHub would not delete your fork. I am not sure if it is still the case.

I reported all this to GitHub a few years ago, but they said it was a non-issue .

GitHub lets users access private repos after they have been kicked out

barco — Wed, 23 Jan 2019 02:46:41 +0000

Article URL: https://www.reddit.com/r/programming/comments/airtdw/its_possible_to_access_private_github_repos_after/

Comments URL: https://news.ycombinator.com/item?id=18975216

Points: 2

# Comments: 0

New comment by barco in "Unix Syscalls"

barco — Wed, 08 Aug 2018 05:20:39 +0000

In x86 and x86_64 it doesn't matter whether the caller has control or not over the return address, because there's a change of privilege when the kernel returns from the interrupt (IRET instruction). So at that point it would be equivalent for the userspace app to just jump to whatever address it wants.

The caller does not have control over the return address. When int n or syscall instructions are executed, it's the processor who pushes the current context onto the kernel stack (pointed by ss0:esp0), so when you run iret, everything will go back to normal.

Even if the caller had control over this return address, the CR3 does not change [without taking KPTI into consideration], so the memory mappings will still be the same, and everything would be handled with paging enabled, so there's no "arbitrary physical address". You would only be allowed to jump to anything that you have already mapped, and given that there's a privilege change, you would only be able to access userspace memory.

This has nothing to do with whether the syscall parameters are passed down the stack or not. In x86 and x86_64, when you make a syscall and the kernel handles it, the stacks change, so if you were to pass parameters via the stack, you would need to be able to access the userspace stack from the kernel and it sounds like a mess (but possible). The registers, on the other hand, are available for the syscall handler to use, so it's easier to just set the parameters there.