I recently came across SerenityOS when it was featured in hxp CTF and then on LiveOverflow’s YouTube channel. SerenityOS is an open source operating system written from scratch by Andreas Kling and now has a strong and active community behind it. If you’d like to learn a bit more about it then the recent CppCast episode is a good place to start, as well as all of the fantastic videos by Andreas Kling.
Two of the recent videos were about writing exploits for a typed array bug in JavaScript, and a kernel bug in munmap. The videos were great to watch and got me thinking that it would be fun to try and find a couple of bugs that could be chained together to create a full chain exploit such as exploiting a browser bug to exploit a kernel bug to get root access.
You don’t get articles like this very often – exploiting a small hobby operating system? Sure, why not.
This is interesting and suggests shifting to an obscure OS may not offer any protection out of the box for a semi-determined hacker. Has anyone hacked RiscOS or Haiku? I expect they are on somebody’s roadmap.
It’s the kind of bugs you get in C or C++ code, so Haiku and RISC OS are likely to have exploitable bugs in them too. The probability of someone actually trying to exploit them is very low though, unless you are being specifically targeted. You’re probably quite safe being online with MS-DOS even though a small bug in a browser would easily lead to total system compromise, since nobody is trying to exploit it any more (unless you download old DOS programs that contain old viruses, lol).
True, but when you have empire building makework jobsworths with nothing better to do versus people being cleverdicks and going “Hah. Nobody expects the Spanish Inquisition” etcetera, somewhere out there is a fingerprinting system which is going to go “Oh, yeah?” and pull up all the queries and plugins to deal with that in a jiffy. It’s what I would do. Then I guess there are proxies and stuff which make this harder but that’s what obsessives are paid to think about.