orz
a || ls | xargs tac
Some text-processing tools
https://101.lug.ustc.edu.cn/Ch09/
That CVE
https://seclists.org/oss-sec/2023/q4/18
The dynamic loader is extremely
security sensitive, because its code runs with elevated privileges when
a local user executes a set-user-ID program, a set-group-ID program, or
a program with capabilities.
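What is a set-user-ID program?
An invalid environment variable such as tunable1=tunable2=AAA is used to produce an overflow.
Where does the overflow go? See the __minimal_malloc function:
while malloc is not yet initialized, it temporarily hands out small allocations from whole pages of memory obtained from mmap.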
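
A defender-side check for the malformed `tunable1=tunable2=AAA` shape noted above, as an added example that is not from the advisory or from glibc. It assumes the variable is named `GLIBC_TUNABLES` and uses a colon-separated `name=value` syntax (neither is stated in these notes); the function names and the sample environment block are constructed for illustration.

```python
from __future__ import annotations

# Assumption: tunables are passed as GLIBC_TUNABLES=name=value:name=value
TUNABLES_VAR = "GLIBC_TUNABLES"


def malformed_entries(tunables: str) -> list[str]:
    """Return the entries whose value part itself contains '='."""
    bad = []
    for entry in tunables.split(":"):
        if not entry:
            continue
        _name, sep, value = entry.partition("=")
        # A well-formed entry is exactly name=value. A second '=' inside the
        # value is the "tunable1=tunable2=AAA" shape from the notes above.
        if sep and "=" in value:
            bad.append(entry)
    return bad


def scan_environ(raw: bytes, var: str = TUNABLES_VAR) -> list[str]:
    """Scan a NUL-separated environment block (the /proc/<pid>/environ layout)."""
    prefix = var.encode() + b"="
    hits = []
    for item in raw.split(b"\0"):
        if item.startswith(prefix):
            hits += malformed_entries(item[len(prefix):].decode("latin-1"))
    return hits


# Constructed sample environment block, not captured from a real process.
SAMPLE_ENV = (
    b"PATH=/usr/bin\0"
    b"GLIBC_TUNABLES=tunable1=tunable2=AAA:tunable3=1\0"
    b"HOME=/root\0"
)

if __name__ == "__main__":
    for entry in scan_environ(SAMPLE_ENV):
        print("suspicious tunables entry:", entry)
```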