This Week In Security: Looney Tunables, Not A 0-day*, And Curl Warning

This week starts out with a nifty vulnerability in the glibc dynamic loader. This is an important step in running a binary executable on Linux, as it pulls the list of required shared libraries, and loads those libraries into memory. Glibc also includes a feature to adjust some runtime settings, via the GLIBC_TUNABLES environment variable. That’s where the vulnerability resides, and researchers from Qualys obviously had a bit of fun in taking inspiration to pick the vulnerability name, “Looney Tunables”.

The problem is memory handling in the sanitizing parser. This function iterates through the environment variable, looking for name=value strings such as tunable1=aa, separated by colons. These strings get copied to the sanitized buffer, but the parsing logic goes awry when handling the malformed tunable1=tunable2=AAA. The first equals sign is taken at face value, copying the rest of the string into the buffer. But then the second equals sign is also processed as another key=value pair, so the buffer, sized for a single copy of the input, receives more than it can hold: a buffer overflow.

The reason this particular overflow is interesting is that if the binary to be run is a Set-User-ID (SUID) root application, the dynamic loader runs as root, too. If the overflow can achieve code execution, then it’s a straightforward privilege escalation. And since we’re talking about it, you know there’s a way to execute code. It turns out, it’s possible to overwrite the pointer to the library search path, which determines where the dynamic loader will look for libraries. Tell it to look first in an attacker-controlled location, and you can easily load a malicious libc.so for instant code execution.

This vulnerability affects many Linux distros, and there’s already a Proof of Concept (PoC) published. So, it’s time to go check for updates for CVE-2023-4911.

Continue reading “This Week In Security: Looney Tunables, Not A 0-day*, And Curl Warning”
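The parsing mistake described above is easier to see in a model than in prose. The C program below is an added illustration, not code from the article or from glibc: it walks a GLIBC_TUNABLES-style string the way the text describes (name up to the first equals sign, value up to the next colon or the end of the string) and, instead of writing into a real buffer, counts the bytes a sanitized copy sized at strlen(input)+1 would receive. The tunable names it recognises (tunable1, tunable2) and the two-mode switch are constructed for the demonstration; in the vulnerable mode the cursor is not advanced when the value runs to the end of the input, so the value is re-read as a fresh key=value pair, while the fixed mode stops parsing at end of input. The glibc code only builds this sanitized copy for set-user-ID programs, which is why the bug matters for privilege escalation.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed list of tunable names that survive into the sanitized copy.
 * glibc has its own table; these two names only serve the demonstration. */
static const char *const known_tunables[] = { "tunable1", "tunable2" };

/* True if the `len` bytes at `name` spell one of the known tunables. */
static bool is_known_tunable(const char *name, size_t len)
{
    for (size_t i = 0; i < sizeof known_tunables / sizeof *known_tunables; i++)
        if (strlen(known_tunables[i]) == len &&
            memcmp(known_tunables[i], name, len) == 0)
            return true;
    return false;
}

/* Model of the sanitizing parse loop. Returns the number of bytes that
 * would be appended to a sanitized copy; the real copy is sized
 * strlen(input)+1, so a result larger than that means an overflow.
 * fixed=false keeps the end-of-input mistake; fixed=true returns as
 * soon as the value reaches the terminating NUL. */
size_t model_parse(const char *input, bool fixed)
{
    const char *p = input;
    size_t off = 0;                 /* bytes written so far */

    for (;;) {
        const char *name = p;
        size_t len = 0;
        while (p[len] != '=' && p[len] != ':' && p[len] != '\0')
            len++;
        if (p[len] == '\0')
            return off;             /* no key=value pair left */
        if (p[len] == ':') {        /* key without value: skip it */
            p += len + 1;
            continue;
        }
        size_t name_len = len;
        p += len + 1;

        /* The value runs to ':' or NUL; a second '=' is treated as data,
         * so "tunable2=AAA" becomes the value of tunable1. */
        len = 0;
        while (p[len] != ':' && p[len] != '\0')
            len++;

        if (is_known_tunable(name, name_len)) {
            if (off > 0)
                off++;              /* ':' separator between pairs */
            off += name_len + 1 + len;   /* "name=" followed by the value */
        }

        if (p[len] == '\0') {
            if (fixed)
                return off;         /* hardened: end of input ends parsing */
            /* vulnerable: p still points at the value, which is now
             * parsed again as a new name=value pair */
        } else {
            p += len + 1;
        }
    }
}

/* Does the sanitized copy of `input` exceed its strlen(input)+1 buffer? */
bool would_overflow(const char *input, bool fixed)
{
    return model_parse(input, fixed) > strlen(input) + 1;
}

int main(void)
{
    /* Constructed inputs: one well-formed, one shaped like the text's example. */
    const char *inputs[] = { "tunable1=aa:tunable2=bb", "tunable1=tunable2=AAA" };
    for (size_t i = 0; i < 2; i++)
        printf("%-24s buffer=%zu vulnerable=%zu fixed=%zu\n", inputs[i],
               strlen(inputs[i]) + 1, model_parse(inputs[i], false),
               model_parse(inputs[i], true));
    return 0;
}
```

For the well-formed input both modes need exactly the buffer size (the second pair is re-read in the vulnerable mode, but "bb" has no equals sign and the loop bails out). For the malformed input the vulnerable mode appends the whole string once and then ":tunable2=AAA" a second time, which is where the original buffer is overrun.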

Do Bounties Hurt FOSS?

As with many things in life, motivation is everything. This also applies to the development of software, which is a field that has become immensely important over the past decades. Within a commercial context, the motivation to write software is primarily financial, in that a company’s products are developed by individuals who are being financially compensated for their time. This is often different with Free and Open Source Software (FOSS) projects, where the motivation to develop the software is in many cases derived more out of passion and sometimes a wildly successful hobby rather than any financial incentives.

Yet what if financial incentives are added by those who have a vested interest in seeing certain features added or changed in a FOSS project? While with a commercial project it’s clear (or should be) that the paying customers are the ones whose needs are to be met, with a volunteer-based FOSS project the addition of financial incentives makes for a much fuzzier system. This is where FOSS projects like the Zig programming language have put their foot down, calling FOSS bounties ‘damaging’.

Continue reading “Do Bounties Hurt FOSS?”

PyOBD Gets Python3 Upgrades

One of the best things about open source software is that, instead of being lost to the ravages of time like older proprietary software, anyone can dust off an old open source program and bring it up to the modern era. PyOBD, a Python tool for interfacing with the OBD system in modern vehicles, was in just such a state, with its latest version still being written in Python 2, which hasn’t had support in over three years. [barracuda-fsh] rewrote the entire program for Python 3 and included a few other upgrades to it as well.

Key feature updates with this version besides being completely rewritten in Python 3 include enhanced support for OBD-II commands as well as automating the detection of the vehicle’s computer capabilities. This makes the program much more plug-and-play than it would have been in the past. PyOBD now also includes the python-OBD library for handling the actual communication with the vehicle, while PyOBD provides the GUI for configuring and visualizing the data given to it from the vehicle. An ELM327 adapter is required.

With options for Mac, Windows, or Linux, most users will be able to make use of this software package provided they have the necessary ELM327 adapter to connect to their vehicle. OBD is a great tool as passenger vehicles become increasingly computer-driven as well, but there are some concerns surrounding privacy and security in some of the latest and proposed versions of the standard.

DIY Pan And Tilt Camera Mount

Pan and tilt mounts have a number of uses that can increase the functionality of various types of cameras. Security cameras can use them to adjust the field of view remotely, astronomers can use them as telescope mounts to accurately track celestial objects, and of course photographers and videographers can use them to add dynamic elements to shots. But getting the slow, smooth, and reliable movement isn’t as simple as slapping some servos on a tripod. So unless you want to break the bank for a commercial mount, this DIY pan and tilt mount might be the way to go.

The mount is built largely out of 3D printed parts and a few fairly common motors, belts, pulleys, and bearings. The movements are controlled using stepper motors, and there are two additional systems built in so that focus and zoom can be controlled through the system as well. The software controlling it all is open-source and available on GitHub, and controls the mount remotely through a network connection. It’s also designed to use the readily-available ESP32 chip, making it overall fairly adaptable.

The system doesn’t slouch on features, either. It can move from one point to another with various programmable speeds, has a key sequencer for more complex movements, and can accommodate the needs of stop motion animators as well. It’s an impressive build that should be accessible to plenty of photographers with a 3D printer and the right parts, but photography and astronomy aren’t the only reasons to use a pan and tilt mount. Check out this one that brings some sunlight to a shaded room.

SLR To DSLR Conversion Becomes Full Camera

At least as far as the inner workings are concerned, there’s not a whole lot of difference between a single-lens reflex (SLR) camera that uses film and a digital SLR (DSLR) camera that uses an electronic sensor, except the method for capturing the image. So adding a digital image sensor to a formerly analog camera like this seemed like an interesting project for [Wenting Zhang]. But this camera ballooned a little further than that, as he found himself instead building a complete, full-frame digital camera nearly from scratch.

The camera uses a full-frame design, and even though the project originally began around the SLR mechanism, in the end [Wenting] decided not to keep this complex system in place. Instead, to keep the design simple and more accessible, a mirrorless design is used with an electronic viewfinder system. It also uses a passive M lens mount, meaning that plenty of manual lenses will be available for this camera without having to completely re-invent the wheel.

As far as the sensor goes, [Wenting] wanted something relatively user-friendly with datasheets available, so he turned to industrial cameras to find something suitable, settling on a Kodak charge-coupled device (CCD) for the sensor paired with an i.MX processor. All of the electronics have publicly available datasheets, which is important for this open-source design. There’s a lot more work that went into this build than just picking parts and 3D printing a case, though, and we’d definitely recommend anyone interested to check out the video below for how this was all done. And, for those who want to go back to the beginnings of this project and take a different path, it’s definitely possible to convert an analog SLR to a digital one.

Continue reading “SLR To DSLR Conversion Becomes Full Camera”

DIY Eye Tracking For VR Headsets, From A To Z

Eye tracking is a useful feature in social virtual reality (VR) spaces because it really enhances presence and communication when one’s avatar has a realistic gaze. Most headsets lack this feature, but EyeTrackVR has a completely open source solution ready for anyone willing to put it together.

Camera is visible in lower right corner.

EyeTrackVR is a combination of hardware, software, and 3D printable mounts for attaching a pair of microcontroller boards, cameras, and IR LEDs to just about any existing VR headset out there. An ESP32-based board and tiny camera module watch each eyeball, and under IR illumination the pupil presents as an easily identified round black area. Software takes care of turning the camera’s view of the pupil into a gaze direction value that can be plugged into other software.

The project is still under active development, but in its current state is perfectly suitable for creating a functional system that can integrate into a variety of existing headsets with printed mounting brackets. Interested? Check out the intro and if it sounds up your alley, dive into the build guide which spells out everything you need to know. Check out the video below for a demo of EyeTrackVR working in VRChat, along with an overview of software support.

We’ve seen headsets built to custom specs that integrate eye tracking, but even if one is repackaging an existing headset that’s a perfect opportunity to include this feature.

Continue reading “DIY Eye Tracking For VR Headsets, From A To Z”

Open-Source Firmware For Soldering Irons

For most of us, the first soldering iron we pick up to start working on electronics has essentially no features at all. Being little more than resistive heaters plugged straight into the wall with perhaps a changeable tip, there’s not really even a need for a power switch. But doing anything more specialized than through-hole PCB construction often requires a soldering iron with a little more finesse. Plenty of “smart” soldering irons are available for specialized soldering needs now, and some are supported by the open-source IronOS as well.

The project, formerly known as TS100, is a versatile soldering iron control firmware that started as an alternative firmware for only the TS100 soldering iron. It has since expanded to have compatibility with several other soldering irons and hosts a rich set of features, including temperature control, motion activation, and the ability to temporarily increase the temperature when using the iron. The firmware is also capable of working with irons that use batteries as well as irons that use USB power delivery.

For anyone with a modern smart soldering iron, like the Pinecil or various Miniware iron offerings, this firmware is a great way of being able to gain fine control over the behavior of one’s own soldering iron, potentially above and beyond what the OEM firmware can do. If you’re still using nothing more than a 30W soldering iron that just has a wall plug, take a look at a review we did for the TS100 iron a few years ago to see what you’re missing out on.

Photo via Wikimedia Commons