-
nuegia.net
> y'all use a security focused memory allocator on your servers? Sapotaceae, what's the point?
-
Sapotaceae
They can directly mitigate many forms of double free, use after free, write after free, and invalid free which are common vulnerabilities
-
moparisthebest
That's a strange way to write "RiiR"
-
nuegia.net
Sapotaceae, can you explain why those are problems?
-
nuegia.net
if i understand it correctly, this is memory leaking confidential data due to not zeroing before use correct?
-
nuegia.net
isn't it the program's fault for not deallocating memory after it's done with it not the memory allocator?
-
nuegia.net
any real world benefit from say, running prosody with glibc malloc vs ottomalloc?
-
nuegia.net
I tried changing the default malloc system-wide before
-
nuegia.net
on a linux system
-
nuegia.net
ended up with weird segmentation faults
-
nuegia.net
but most programs did accept a new malloc, and some had noticeable performance improvements from switching, say, qbittorrent from glibc malloc to jemalloc
-
nuegia.net
i know that openbsd uses ottomalloc system wide
-
nuegia.net
are there any security focused mallocs in the debian repositories?
-
nuegia.net
freebsd repositories?
-
nuegia.net
libhardenedmalloc has little effect on increasing prosody's memory usage
-
nuegia.net
my guess is that's probably because prosody doesn't make a bunch of small allocations
-
nuegia.net
but on other things like gettys it brings the resident usage from less than 1mb to 2-3 mb
-
nuegia.net
also interesting is that every process hardenedmalloc is used with reports a 12T virtual memory usage
-
Link Mauve
moparisthebest, weird segmentation faults are exactly the goal, when a (C) program is not using the allocated memory correctly, instead of silently continuing operations in a corrupted state or potentially leaking data, it will crash properly.
-
Link Mauve
nuegia.net, *
-
nuegia.net
I understand
-
nuegia.net
thank you
-
Link Mauve
Of course, once you get a segfault, you should investigate it, debug why it happens and in which situation, and then report it or even fix it.
-
Link Mauve
Similar to asan, ubsan, valgrind, etc., it can be a tool which helps make fewer C mistakes.
-
nuegia.net
I'll be testing libhardened_malloc with prosody and biboumi
-
nuegia.net
If anybody is interested in the results let me know
-
Link Mauve
The devs of these two projects most likely.
-
musaab22
A
-
musaab22
N
-
Menel
That was informative 🙂 (well not the last two posts)
-
Guus
Have others noticed a recent uptake in spam?
-
MattJ
No, what kind of spam?
-
Guus
short messages that appear to poll for activity
-
MattJ
I had one message recently asking if I was free for a chat. It wasn't clearly spam, but it wasn't clearly not, so I just ignored it
-
Guus
from accounts on xmpp.jp, jabber.de, im.apinc.org, yourdata.forsale, 0day.im, for a cursory look.
-
MattJ
Haven't received anything else
-
Guus
The spam run very clearly started on October 20
-
Guus
is jabber.de operated by someone that we know in the community?
-
Link Mauve
Guus, im.apinc.org is handled by us, could you give me (in private perhaps) the list of JIDs that have been spamming you?
-
Link Mauve
Now and in the future, any spam message originating from our domains is an instant ban.
-
Guus
will do, tx
- Ge0rG checks server logs for spam
-
nuegia.net
i've not had that spam but I have had russian bots asking for a job
-
nuegia.net
and just repeating the same sentence in russian over and over again in mucs
-
msavoritias
Happened in some of my mucs here too. And still happening as of this morning
-
nuegia.net
msavoritias, what domain is it coming from?
-
msavoritias
The one from a few days ago conversations.im Not sure about the one today. Not a mod there
-
Ge0rG
My #1 ingress spam domain is chinwag.im but it's got the most messages per flagged account
-
Ge0rG
exploit.im has the most bots, with 1 message each
-
Ge0rG
but it doesn't look like more spam than earlier, total 13k spam messages in the last 2 weeks
-
nuegia.net
I wonder if the people spamming realize how much time it takes out of all of us and how visible they are
-
nuegia.net
when we have these 'waves' to deal with
-
Guus
chinwag is on my list too.
-
emus
The admin has been contacted? He's from Australia and should be reachable
-
nuegia.net
the emus are currently fighting over him between the spiders
-
emus
^^
-
emus
neat
-
Guus
emus, can you send me his contact details?
-
nuegia.net
Never underestimate an Emu. You Will Lose. https://en.wikipedia.org/wiki/Emu_War
-
emus
Done!
-
Ge0rG
nuegia.net: that's called an "externality" in economic theory.
-
nuegia.net
XD
-
Guus
This is a list of domains that I received spam from, for which I don't have admin contacts. If anyone recognizes a domain as their own (or knows how to get in contact with an admin), I appreciate a message. https://pastebin.com/Y0XjUW9a
-
emus
blabber.im should be offline
-
Licaon_Kter
Guus: 404.city admin was here yesterday, as usual to complain about something that was not "perfect". creep.im admin was around, I can try and ping them if you PM me some accounts that spammed
-
mike
Hey folks, this is weird: I've been showing as connected to operators but seen no messages since October 28. If anyone's got a list of Chinwag accounts dropping spam please mail it to admin@chinwag.im and I'll nuke them immediately
-
Guus
mike, I just sent you a subscription request
-
mike
I had a few that I spotted a while back that activated and started spamming, they were all registered back in 2018. I figured someone was burning old reserves and had run out
-
emus
Guus: possibly wrong ID
-
msavoritias
404 also says this email for abuse support@404.city
-
msavoritias
5 of july is this info@5july.org
-
mike
My published abuse contact info should show mailto:admin@chinwag.im I do monitor that.
-
msavoritias
Interesting that there is even the CCC xmpp server in there
-
emus
msavoritias: but the ccc server is a problem for years already
-
msavoritias
Ah wasn't aware 😅
-
Guus
Oh, I messed up a timestamp when generating that list of offending domains. They still have accounts that spam, but I didn't limit that to the last 2 weeks or so.
-
Guus
This is the list of domains that had accounts that _recently_ spammed: https://pastebin.com/Wc8S6iFD
-
mike
Yeah confirmed at least one more reactivated that's been dormant since 2018. This spammer is very patient.
-
Guus
I'm guessing that there are lists of credentials for accounts-to-be-used-for-spam floating around.
-
Link Mauve
For sure.
-
Licaon_Kter
mike: no yearly cleanup of inactive accounts?
-
mike
Not if they have ever been used. I only sweep registered but never logged into.
-
mike
If someone only has something to say every ten years, that's fine. Given there's rarely any way to contact out of band and warn of upcoming deletion, I'm very averse to it.
-
MattJ
Actually deleting accounts is problematic anyway, better to lock or tombstone them
-
mike
definitely.