linux-security
Safeguard articles tagged "linux-security" — guides, analysis, and best practices for software supply chain and application security.
12 articles
CTF Writeup: Container SETUID Escape Techniques
A container-local root shell is not the flag. CVE-2019-5736 and CVE-2021-4034 both show how a SETUID binary inside a container can become a host compromise.
The CUPS RCE Chain: A Technical Breakdown of CVE-2024-47176
Four medium-severity CUPS bugs chained into unauthenticated RCE on UDP/631 — a masterclass in why CVSS scores per-CVE miss the real risk of a vulnerability chain.
regreSSHion OpenSSH RCE vulnerability CVE-2024-6387
CVE-2024-6387 "regreSSHion" is a signal handler race condition in OpenSSH's sshd enabling unauthenticated root RCE on glibc-based Linux systems.
What is Privilege Escalation
Privilege escalation turns a minor foothold into a full breach. Learn the techniques, real-world examples, and how to detect and stop it.
The XZ Utils Backdoor Explained
A trusted maintainer, years of quiet social engineering, and one hidden SSH backdoor: how CVE-2024-3094 nearly compromised the global Linux supply chain.
Shellshock Bash environment variable RCE (CVE-2014-6271)
A 2014 parsing flaw in Bash's function-export handling let attackers run arbitrary commands via environment variables — and it's still exploited today.
sudo -e/sudoedit privilege escalation bypass (CVE-2019-14287)
CVE-2019-14287 let sudo users bypass "run as any user except root" rules via `sudo -u#-1`, gaining full root. Here's how it worked and how to fix it.
Privilege escalation vulnerabilities explained
Privilege escalation vulnerabilities turn a low-privilege foothold into root or admin access. Learn how they work, key CVEs, and how to detect them.
The XZ Utils Backdoor: A Timeline and Technical Post-Mortem
A technical post-mortem of CVE-2024-3094, the XZ Utils backdoor: how a trusted maintainer identity was used to plant a supply chain backdoor in sshd.
CUPS Vulnerability Chain: Remote Code Execution via Linux Printing
A chain of vulnerabilities in the CUPS printing system allows unauthenticated attackers to achieve remote code execution on Linux systems by exploiting how printers are discovered and configured.
Snap Store and Flatpak Security Models Compared
Universal Linux packaging formats promise sandboxed applications. Their security models differ significantly, and neither delivers the isolation most users assume.
eBPF for Security Monitoring: What It Can and Cannot Do
eBPF is being called the future of security observability. It is genuinely powerful, but it is not a magic bullet for runtime security.