Your First Format String Attacks.

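1. What are `Format String Bugs'?

A Format String Bug (hereafter, FSB) is a bug in which the user can freely place format strings (hereafter, format specifiers) in functions that handle them, such as the printf family (sprintf(), fprintf(), and so on) and syslog(). An attack technique that exploits this is called a Format String Attack, and it makes it possible to read and write arbitrary memory that the target process can access. It can also be used to take over the program's control flow.
This vulnerability can hardly be said to be common in real-world programs, but it does turn up occasionally. In CVE-2012-0809[1], an FSB was found in sudo's debug functionality, and a local exploit was actually published. As noted above it is rare, but because it is very powerful, for instance allowing arbitrary memory to be overwritten, it is often used as a subject in CTFs.
In this article, the following environment was used to examine FSBs.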

sh-4.3$ uname -a
Linux Arch_Laptop 4.0.4-1-ARCH #1 SMP PREEMPT Mon May 18 06:43:19 CEST 2015 x86_64 GNU/Linux
@dwilliamson
dwilliamson / MarchingCubes.js
Last active May 7, 2024 09:46
Marching Cubes Lookup Tables
//
// Lookup Tables for Marching Cubes
//
// These tables differ from the original paper (Marching Cubes: A High Resolution 3D Surface Construction Algorithm)
//
// The co-ordinate system has the more convenient properties:
//
// i = cube index [0, 7]
// x = (i & 1) >> 0
// y = (i & 2) >> 1
@bugcy013
bugcy013 / NSE_Reports_link.txt
Last active May 7, 2024 09:46
NSE Reports link
@tanaikech
tanaikech / submit.md
Last active May 7, 2024 09:45
Gemini API with JSON schema

Overview

These are sample scripts in Python and Node.js for controlling the output format of the Gemini API using JSON schemas.

Description

In a previous report, "Taming the Wild Output: Effective Control of Gemini API Response Formats with response_mime_type," I presented sample scripts created with Google Apps Script (Ref). Following its publication, I received requests for sample scripts using Python and Node.js. This report addresses those requests by providing sample scripts in both languages.

@sid24rane
sid24rane / StackBalancedParenthesis.c
Created September 28, 2016 17:55
Balanced Parenthesis in C using stack
#include <stdio.h>
#include <stdbool.h>
#include <string.h>
#define MAX_SIZE 100
struct Stack{
int top;
char arr[MAX_SIZE];
} st;
@luismts
luismts / GitCommitBestPractices.md
Last active May 7, 2024 09:43
Git Tips and Git Commit Best Practices

Git Commit Best Practices

Basic Rules

Commit Related Changes

A commit should be a wrapper for related changes. For example, fixing two different bugs should produce two separate commits. Small commits make it easier for other developers to understand the changes and roll them back if something went wrong. With tools like the staging area and the ability to stage only parts of a file, Git makes it easy to create very granular commits.

Commit Often

Committing often keeps your commits small and, again, helps you commit only related changes. Moreover, it allows you to share your code more frequently with others. That way it's easier for everyone to integrate changes regularly and avoid having merge conflicts. Having large commits and sharing them infrequently, in contrast, makes it hard to solve conflicts.

@Iftimie
Iftimie / index.css
Last active May 7, 2024 09:42
Resume
/* Fonts */
/* Family */
h1 {
font-family: 'Julius Sans One', sans-serif;
}
h2 { /* Contact, Skills, Education, About me, Work Experience */
font-family: 'Archivo Narrow', sans-serif;
}
@2510
2510 / Windows 10 Disable Services.bat
Last active May 7, 2024 09:41
Disable unused services (for me) on Windows 10
REM Windows Search
sc config WSearch start=disabled
REM SSDP Discovery
sc config SSDPSRV start=disabled
REM Geolocation Service
sc config lfsvc start=disabled
REM ActiveX Installer
sc config AXInstSV start=disabled
REM AllJoyn Router Service
sc config AJRouter start=disabled
@joechrysler
joechrysler / who_is_my_mummy.sh
Last active May 7, 2024 09:40
Find the nearest parent branch of the current git branch
#!/usr/bin/env zsh
git show-branch -a \
| grep '\*' \
| grep -v `git rev-parse --abbrev-ref HEAD` \
| head -n1 \
| sed 's/.*\[\(.*\)\].*/\1/' \
| sed 's/[\^~].*//'
# How it works: