Reading Kernel Source Code - Analysis of an Exploit

Last video we looked at a kernel exploit against the SerenityOS kernel. In this video we dig deep into the sources to find out why the vulnerability exists. After that we even attempt to find our own exploit.
Part 1 - The Kernel Exploit: • Kernel Root Exploit vi...
00:00 - Intro
00:27 - Part 1 - Linux vs. Serenity
01:17 - Finding ptrace() in Linux
01:31 - Finding ptrace() in Serenity
02:12 - Comparing Linux and Serenity ptrace() Code
04:07 - Architecture Specific Code in Linux
04:45 - Continue Comparing Linux vs. Serenity ptrace() Code
05:08 - Conclusion of Part 1
05:57 - Part 2 - hxp wisdom2 Exploit Analysis
06:44 - Reading ptrace() again
07:26 - Reading execve() code
08:46 - The Critical execve() code
09:30 - Do You Notice The Vulnerability?
10:17 - Race Condition Exploit Strategy
11:48 - Part 3 - Doing Own Research
13:15 - Doing an Experiment
15:44 - Kernel Changes for Experiment
16:00 - Failed Experiment
16:26 - Asking Andreas Kling About Scheduler Code
17:45 - Conclusion - Read More Code
18:38 - Outro

Comments: 170

  • @_DeProgrammer
    @_DeProgrammer 3 years ago

    Much respect to Andreas Kling. We take these projects for granted sometimes. We should give these guys the credit and respect they deserve. They don't ask for one cent. Wishing him happiness and wealth!

  • @Dr.Underscore
    @Dr.Underscore 3 years ago

    11:05 This is not true! That Vector type is from the AK namespace (with the namespace omitted due to frequency of use) -- it is NOT a standard vector, nor an implementation of it. Although you're probably still right about the linear complexity, just wanted to clear that up. -Also for fun points, the AK library stands for Andreas Kling :^)- I have lied, it stands for Agnostic Kit, not Andreas Kling.

  • @networkException

    @networkException

    3 years ago

    oooh I always wondered what AK meant, thank you for sharing

  • @erwinjitsu_3706

    @erwinjitsu_3706

    3 years ago

    It means Автомат Калашникова or also known as Automat Kalašnikov or Automat Kalashnikov. You know, the cheap rifle.

  • @andresvieira7943

    @andresvieira7943

    3 years ago

    I might be wrong as I can't find the source, but I think that on one of the Car Talk videos someone asked about that. As a response I think Andreas stated that it was just a coincidence, but that the name AK comes from.. apple? (might be wrong, nokia?), being derived from Application Toolkit, just a container namespace for tools with a handy, compact name.

  • @aymensekhri

    @aymensekhri

    3 years ago

    I was wondering about the meaning of AK since a long time lol

  • @kiro_f

    @kiro_f

    3 years ago

    I believed Andreas talked about how it referred to Agnostic Kit

  • @krumpy8259
    @krumpy8259 3 years ago

    I just loved this video for several reasons, namely:
    1. You showed exactly how to search for details for the problem in question.
    2. You showed how to ignore the steps not relevant for the problem and what to care about.
    3. You showed how to get around technical details and get an experiment done without being too technical about low level stuff and still getting a useful outcome.
    I'd love to see more videos like that, because they are well structured and give a nice learning path.

  • @unsafecast3636
    @unsafecast3636 3 years ago

    11:05 Actually, the Vector class used in SerenityOS is custom, especially in the kernel. You can't use the standard library in freestanding environments such as the kernel. But they are very similar, so you can definitely look up the std docs to learn something about it.

  • @Mankindux

    @Mankindux

    2 years ago

    searched this comment to say that.

  • @thewhitefalcon8539

    @thewhitefalcon8539

    1 year ago

    You can totally use it with some patches. C++ allows you to override global "operator new"

  • @gianni50725

    @gianni50725

    1 year ago

    @thewhitefalcon8539 You definitely can, but in the kernel it's not too useful. You want to have total knowledge of what allocates and in what circumstance, beyond the info the standard provides. Besides, the most useful headers (e.g. atomic) have freestanding implementations (or they're supposed to... it's a bit of a pain to set up still.)

  • @thewhitefalcon8539

    @thewhitefalcon8539

    1 year ago

    @gianni50725 Actually you do not need the kernel to have full knowledge of everything. It's useful in mature kernels to have that kind of introspection ability (see what is using up your memory) but it's not required for a toy or prototype.

  • @GBlunted
    @GBlunted 3 years ago

    The way you edit your videos is fuckin dope! Feels like it makes such heavy technical topics you go after so watchable and almost fun to [try and] follow along with!👌

  • @Paginski
    @Paginski 3 years ago

    Serenity is such an interesting project

  • @rawbytes7356
    @rawbytes7356 3 years ago

    Thank you for constantly providing such high quality educational videos. Thanks a lot

  • @spicybaguette7706
    @spicybaguette7706 3 years ago

    Fun fact: Linux also started as a "toy project"

  • @Extys

    @Extys

    3 years ago

    "Nothing serious" - Linus, 1991

  • @xmine64

    @xmine64

    3 years ago

    Linux isn't worth more, but people are taking it seriously. Just take a look at a real Unix/real OS.

  • @defofoff987

    @defofoff987

    2 years ago

    @xmine64 What about 90% of the public cloud workload that is being run by Linux?

  • @kumarisuman4565

    @kumarisuman4565

    2 years ago

    @xmine64 Seems you live in a fourth world!

  • @andreicapi3535

    @andreicapi3535

    2 years ago

    @kumarisuman4565 😂

  • @naturallyinterested7569
    @naturallyinterested7569 3 years ago

    Wow, I actually didn't know that $ was a legal character in c++ identifiers.

  • @OmarChida

    @OmarChida

    3 years ago

    Same here!

  • @overlisted

    @overlisted

    3 years ago

    In JS too

  • @RedStone576

    @RedStone576

    3 years ago

    Damn

  • @PhoenixClank

    @PhoenixClank

    3 years ago

    @overlisted That much is obvious, since jQuery defines a function called $

  • @OMGclueless

    @OMGclueless

    3 years ago

    Technically $ is not a legal character in C++ identifiers according to the standard. But it allows for implementation-defined identifier characters, and MSVC and GCC both allow $, so there you go.

  • @aayub
    @aayub 3 years ago

    Very informative channel... Highly unrated... Keep up the good work...

  • @henke37
    @henke37 3 years ago

    My first thought was to use an excessive number of threads to introduce a larger timing window. My second thought was to start new threads in the middle of the old threads being destroyed.

  • @zanidd
    @zanidd 3 years ago

    Do TempleOS next 😂

  • @treyquattro

    @treyquattro

    3 years ago

    did you get all my error messages?

  • @zanidd

    @zanidd

    3 years ago

    @treyquattro No, only this one

  • @dannwe123

    @dannwe123

    3 years ago

    He will not be able to find a bug, keep in mind it was created using divine intellect.

  • @heavy0119

    @heavy0119

    14 days ago

    @dannwe123 It's so bug ridden that Terry didn't even write a network stack lmao

  • @lambdaboy-29
    @lambdaboy-29 3 years ago

    Man your intro is just nostalgic 😍

  • @iyxan2340
    @iyxan2340 3 years ago

    Very great explanation!

  • @Zedoy
    @Zedoy 3 years ago

    Wow the hax program makes an ad appear you are a cool hacker :D

  • @devnull7970
    @devnull7970 3 years ago

    Your exploit explanations are amazing! I hope you don't mind a bit of unsolicited advice, but I personally find browsing the source code documentation generated by ctags inline, when you're already using vscode, much more preferable than having to google things or look at the header file.

  • @rujotheone
    @rujotheone 3 years ago

    Now that you explain it this bug is very cool. I should look at race conditions more.

  • @SuryaTejaKarra
    @SuryaTejaKarra 3 years ago

    Great content as always 😍

  • @mccoysebrell630
    @mccoysebrell630 3 years ago

    Excellent points being raised

  • @mccoysebrell630

    @mccoysebrell630

    3 years ago

    Especially the extra underscore

  • @mushenji
    @mushenji 3 years ago

    This is extremely awesome

  • @santhoshvr
    @santhoshvr 3 years ago

    Worth video 🔥🔥 Keep rock bro..

  • @solcloud
    @solcloud 1 year ago

    Thank you for this video!

  • @diegodejesus9668
    @diegodejesus9668 3 years ago

    Is it convenient to practice buffer overflow or string formatting, even when these types of exploits are no longer so common (because systems are more protected)? What kinds of things should you investigate to find vulnerabilities in more current systems?

  • @tomydurazno6243
    @tomydurazno6243 2 years ago

    This is great content!

  • @w3w3w3
    @w3w3w3 3 years ago

    Great video. My fav channel :)

  • @Grub4K
    @Grub4K 3 years ago

    Just as a thought experiment, can't you also increase the time it takes to reach the euid set by slowing down kill_threads_except_self by spawning many threads beforehand?

  • @CodingWorm
    @CodingWorm 3 years ago

    He's back.

  • @tonicuenca4043
    @tonicuenca4043 3 years ago

    Amazing! Thank you

  • @epicujjwal
    @epicujjwal 3 years ago

    serenity is cool af

  • @n0trusts3c
    @n0trusts3c 3 years ago

    Thanks! V3ry interesting topic

  • @dislikebutton9925
    @dislikebutton9925 3 years ago

    True man, Serenity is great, we have a lot of space to implement basic stuff in Serenity OS

  • @AkashSingh-uk5ub
    @AkashSingh-uk5ub 3 years ago

    I wish,i had him as teacher,during my bachelors.

  • @priyanshugupta3207

    @priyanshugupta3207

    3 years ago

    Well, Having him on KZread is best for u and everyone, Right?? :)

  • @AkashSingh-uk5ub

    @AkashSingh-uk5ub

    3 years ago

    @priyanshugupta3207 Absolutely, why should only I have all the fun 😀

  • @Asdayasman

    @Asdayasman

    3 years ago

    What’s with your use of commas dude?

  • @AkashSingh-uk5ub

    @AkashSingh-uk5ub

    3 years ago

    @Asdayasman uhhm ummh uhhhm ...

  • @tacokoneko

    @tacokoneko

    3 years ago

    I paid for university for 4 years and got 95 credits and failed, waste of money. Videos like this for free are a much better deal.

  • @OthmanAlikhan
    @OthmanAlikhan 3 years ago

    Thanks for the video =)

  • @sembutininverse
    @sembutininverse 3 years ago

    thank you 🙏🏻🙏🏻🙏🏻

  • @eternaldoorman5228
    @eternaldoorman5228 3 years ago

    Looking forward to a video "Linux vs Mental Health" 😀

  • @mundusesttuum2536
    @mundusesttuum2536 2 years ago

    Hi... I know this is an old post but I want to comment something... What happens if you filter all inputs? Like by integers or chars only, and sanitize all before...? Is it harder to find vulns?😁

  • @JannisAdmek
    @JannisAdmek 3 years ago

    you are incredible :)

  • @binaryagenda
    @binaryagenda 3 years ago

    A different way to exploit kill_threads_except_self and make the execution take longer (so that the ptrace poke from another process has time to work), might be to create a large number of threads with resources in those threads which this kill_threads_* code needs to clean up. Maybe an alternative to using unveil.

  • @Keldor314

    @Keldor314

    3 years ago

    I was looking at that too. Also, what happens if some of those threads have things like open file handles? Bad things can happen if the rug is pulled at certain critical points, so presumably the OS would have safeguards to prevent this. Though I expect these would be resolved in the set_thread() call, which is too early to take advantage of.

  • @PhatPazzo
    @PhatPazzo 3 years ago

    If the scheduler could run on multiple cores, there could still be a race condition by running yields, if the check in the scheduler could run before the action of the scheduler. Try slowing down the scheduler too, and make sure the VM has at least two physical cores.

  • @luckyverri3374
    @luckyverri3374 3 years ago

    gREAT JOB.

  • @cyber1377
    @cyber1377 3 years ago

    Thanks

  • @NetworkITguy
    @NetworkITguy 3 years ago

    That's why I say learn Minix, it's so small and easy to understand. If you learn Minix you will essentially learn SerenityOS

  • @tacokoneko

    @tacokoneko

    3 years ago

    I think I understand now: by the time you understand Linux perfectly enough to be a Linux kernel developer, you have already had to learn every other Unix-like OS that exists, like stepping stones.

  • @NetworkITguy

    @NetworkITguy

    3 years ago

    @tacokoneko More or less, this video showed you kind of just need to learn three-ish OSs. Which OSs you learn from dictates how much time you'll spend: Minix versus SerenityOS versus full-on Linux (like Slackware). Then wherever you start you can move to ReactOS to start understanding Windows. By the way, being a kernel developer is a totally different concept than just trying to understand operating system theory and practice.

  • @tacokoneko

    @tacokoneko

    3 years ago

    @NetworkITguy Yes, as he has said, to be a kernel developer you have to read and understand a kernel's source code and then change it to be better. I don't want to understand Windows, I only like GNU/Linux and other Unix-like operating systems.

  • @DerThomyLP
    @DerThomyLP 3 years ago

    After completing the Operating System course at my university I wish I had known about SerenityOS earlier. As we also had to implement features like exec in a C++ kernel following the POSIX standard, this would have been much more useful than trying to understand the Linux implementation. Still, thank you for this awesome video! :)

  • @totemkid7976
    @totemkid7976 3 years ago

    As always great video :)

  • @Anonymouspock
    @Anonymouspock 3 years ago

    It's interesting that this bug proposed can't happen because of lack of SMP support: there's nothing to stop the other threads there, and it relies on being in kernel implying nothing else is running

  • @julianelischer6961
    @julianelischer6961 2 years ago

    When I wrote the threading code for FreeBSD I put changes in both exec and fork to make sure that other threads did not proceed in the child or new process. It's pretty obvious if you think about it that only the running thread should continue.. Other threads will just "vanish"

  • @seraphina985
    @seraphina985 3 years ago

    There I was speculating about all of those unveil calls, and from the generation of a long list of conspicuously irrelevant data I figured that must be a roundabout way of implementing a delay loop without the ability to inject code where you need it. While it is unconventional to build a large data structure just to serve as an iteration counter, it still gets the job done when the input data to the loop is the only access you have to the desired delay injection point. After all, it is an effective way of implementing the basic form of any delay loop, which is simply "for largeSet; do burnCyclesToWasteTime; done". How that set is generated or which opcodes are used to burn CPU cycles as a crude, inefficient timer are arbitrary implementation details; the result is the same.

  • @julianelischer6961
    @julianelischer6961 2 years ago

    Have you compared it with FreeBSD as well?

  • @Jay-je8tu
    @Jay-je8tu 3 years ago

    I'm looking for the theme that the SerenityOS Dev uses. Looks really easy on eyes

  • @think-IT42
    @think-IT42 3 years ago

    Cool Beard :)

  • @BlackHermit
    @BlackHermit 3 years ago

    Much respect to Andreas Kling.

  • @FatalRescue
    @FatalRescue 3 years ago

    Talk about the massive SolarWinds hack please!

  • @andybryanboutchouangsimbaf8395
    @andybryanboutchouangsimbaf8395 3 years ago

    Lmao the “Linux vs Serenity” got to me 😭

  • @Benjji
    @Benjji 3 years ago

    This type of stuff interests me but I have ZERO clue what is actually going on hahaha

  • @AK.Adventures
    @AK.Adventures 3 years ago

    I am not getting most of the things right now, will come back after a primer.

  • @tg7943
    @tg7943 3 years ago

    Push!

  • @SSS-sz8mg
    @SSS-sz8mg 3 years ago

    Yes, this means Linux is much more sophisticated and harder to break, or not?

  • @williamobando4159
    @williamobando4159 3 years ago

    Lol interesting?? Super interesting !!

  • @KitsuneAlex
    @KitsuneAlex 1 year ago

    You're making Andreas' heart bleed saying his baby is unusable xDDD

  • @chyza2012
    @chyza2012 3 years ago

    11:05, Serenity's Vector is not std::vector, Serenity doesn't use std:: at all

  • @OmarChida

    @OmarChida

    3 years ago

    I was surprised and skeptical at the same time

  • @tacokoneko

    @tacokoneko

    3 years ago

    If, as he's been saying, the _implementation_ is _very similar_ though, does that matter? If the number of instruction cycles increases by the same factors, his point is the same.

  • @chyza2012

    @chyza2012

    3 years ago

    @tacokoneko If he knew it wasn't std::vector he wouldn't have gone to the documentation for std::vector, because it's completely unrelated; you might as well be reading Java documentation. It's clearly a mistake. He was correct about the time complexity by chance, but that doesn't really change anything.

  • @sefzxm6486
    @sefzxm6486 3 years ago

    Saying "hello" in thirty-nine languages.. spelt differently, completely different, sometimes sounding similar or even nowhere close, but exactly the same thing. Ish.... I am probably wrong with my analogy.

  • @Dominik-K
    @Dominik-K 3 months ago

    Love serenity

  • @benricok
    @benricok 3 years ago

    @LiveOverflow Any plans to start posting your content on LBRY/Odysee?

  • @Simon-xi8tb
    @Simon-xi8tb 3 years ago

    Redox OS next!

  • @hk5716
    @hk5716 3 years ago

    The beard is very scary

  • @Sqwan2
    @Sqwan2 3 years ago

    You could also read a good book. But why would that be fun :D

  • @supernov4678
    @supernov4678 3 years ago

    Kernelman has been destroyed by LiveOverflow

  • @kuldeepsingh2983
    @kuldeepsingh2983 3 years ago

    5 min into the video and I am already lost.

  • @maratmkhitaryan9723
    @maratmkhitaryan9723 3 years ago

    1:07 They are very useful for aimbots and other cheats, yeah?

  • @miklov
    @miklov 3 years ago

    Wow, didn't know C++11 had anonymous functions, I had to try =D

  • @Cons-Cat

    @Cons-Cat

    2 years ago

    They got better in every update since then, and there's an accepted proposal in C++23 to continue improving them for the next update.

  • @jordanoconnell48
    @jordanoconnell48 3 years ago

    You look like the guy out of Superbad lol

  • @samin5900
    @samin5900 3 years ago

    hi

  • @TheeMelloMan
    @TheeMelloMan 3 years ago

    what ??

  • @quentinquadrat9389
    @quentinquadrat9389 3 years ago

    Probably people will yell at me, but on both sides the source code could have more comments :-/ This is what I hate about programmers (and I am one): no comments, no PDF explaining the algorithm/main purpose of the file, no examples, no explanation of why functions are called in this particular order. I just get a laugh when hearing "and that sounds like one of the important functions".

  • @davidfrischknecht8261

    @davidfrischknecht8261

    3 years ago

    I prefer writing self-documenting code. If your identifiers have decent names, you shouldn't need a whole lot of comments.

  • @quentinquadrat9389

    @quentinquadrat9389

    3 years ago

    @davidfrischknecht8261 Half troll: I hope this does not mean typing 100+ chars for each variable or function :/

  • @gabiold

    @gabiold

    3 years ago

    Maybe I am wrong, but the code should be commented just as much as necessary for a competent programmer to understand the details, not more. The code shown in the video is well readable in my opinion, and understandable if you dive deep enough into it. I think teaching how a particular system or subsystem works (in general, to a "stranger" who is not familiar with the topic) is out of scope for the comments. Books or application notes or similar could be written separately, but it should not be in the comments. On a side note, programmers hate to write documents, which is understandable, especially for community-driven projects, as writing documentation terribly lowers the efficiency of programming. That only lowers the accomplished tasks in a given time frame at best, but might lead to losing motivation at worst. Not everyone is a good teacher; one could possibly write excellent code but have difficulty explaining it to non-competent people, and thus won't find it interesting.

  • @yari_dawg
    @yari_dawg 3 years ago

    42nd view, I am therefore life

  • @tactileslut

    @tactileslut

    3 years ago

    , the universe and Everything.

  • @jonshouse1
    @jonshouse1 3 years ago

    As someone who only writes C, I find it simpler to read the Linux source. The idea that C++ is "better" or "simpler" only exists in the generation that learnt object oriented programming. When I learnt to code (self taught mostly) we had assembler, C, Fortran or Pascal... that was pretty much it.

  • @shallwebeginvg5750
    @shallwebeginvg5750 3 years ago

    Brother, I recommend eating potatoes and pork fat ( сало), I suspect you will be feeling much better after you try it, seriously. As for the video, like always, I understand only the basic concepts - but a very interesting video indeed. Thank you!

  • @flflflflflfl

    @flflflflflfl

    3 years ago

    lol

  • @ThebigFlanc

    @ThebigFlanc

    3 years ago

    Tf why

  • @proloycodes

    @proloycodes

    2 years ago

    wtf are you on?

  • @hey9433
    @hey9433 3 years ago

    1st

  • @Indic4Zone
    @Indic4Zone 3 years ago

    Sixth comment!

  • @lior_haddad
    @lior_haddad 3 years ago

    Hi

  • @juuamjskn2420

    @juuamjskn2420

    3 years ago

    First comment

  • @bocah_ingusan5285
    @bocah_ingusan5285 3 years ago

    I don't understand what it means, bro😭

  • @mayaliii
    @mayaliii 3 years ago

    Oooooo

  • @1e1001
    @1e1001 3 years ago

    Get fake

  • @kentmiggalen9756
    @kentmiggalen9756 3 years ago

    Tell me, what is your natural language? Because in all of your videos I thought you're just an Indian guy

  • @lummarh9385

    @lummarh9385

    3 years ago

    He is German, his accent is strong but quite different from the Indian one

  • @sk8sbest

    @sk8sbest

    3 years ago

    😂 Indian, wtf. He doesn't sound like it at all

  • @Asdayasman

    @Asdayasman

    3 years ago

    Lmao are you the non-weeb version of me? Subbed to PoE stuff, chess stuff, and code stuff.

  • @kentmiggalen9756

    @kentmiggalen9756

    3 years ago

    @lummarh9385 Maybe it's just me, I watched many Indian tutorial vids lately

  • @kentmiggalen9756

    @kentmiggalen9756

    3 years ago

    @Asdayasman Yes.. FINALLY!! YOU FOUND ME!!!!

  • @chigozie123
    @chigozie123 3 years ago

    SerenityOS kinda reminds me of TempleOS; both in naming and implementation

  • @Cons-Cat

    @Cons-Cat

    2 years ago

    How are their implementations similar? To me they seem night and day. TempleOS is 64 bit, Serenity is 32 bit. TempleOS was written in asm and jit-compiled HolyC, SerenityOS was written in asm and aot-compiled C++20. TempleOS was antithetical to POSIX / Unix, SerenityOS is extremely Unix-like. TempleOS deliberately has no internet capabilities or advanced graphics, Serenity is working towards having a Javascript and CSS compliant custom web browser and OpenGL conformant graphics implementation.

  • @zungaloca
    @zungaloca 3 years ago

    BSD-like licenses suck

  • @takedownccp
    @takedownccp 3 months ago

    Like a mutex lock