Meego Harmattan Projects

Security Research

Local Root Exploitation & Escape from Aegis

• Ongoing research on breaking out of the Aegis sandbox
• Can an installed application run untrusted code?
• Can an installed application elevate permissions?
• Is the WebKit process sandboxing sufficient?
• Does Qt itself have problems?

Past Linux Security Experience

• Mempodipper Exploit for CVE-2012-0056
  • Blog post
  • Exploit code
  • LWN article
  • PCWorld article
• Calibre Exploits for CVE-2011-4124, CVE-2011-4125, and CVE-2011-4126
  • Numerous exploits
  • Bug report
  • LWN article
• PolicyKit Pwnage Exploit for CVE-2011-1485
  • Exploit code
• LD_AUDIT Exploit for CVE-2010-3856
  • Exploit code
• Netgraph Exploit for CVE-2008-5736
  • Exploit code
• TCP_MAXSEG Exploit for CVE-2010-4165
  • Exploit code

Networking & Connectivity Utilities

VPN Tunnel Manager

• Easy GUI for managing the configuration of:
  • OpenVPN connection
  • Iodine DNS connection
• Current status: Iodine working well.

PulseAudio Remote Audio Interface

• Manager for sending PulseAudio streams to remote servers.
• Easy interface that detects local PA servers with mdns and populates QML list.
• Current status: Capable of sending audio to remote server and using telephone as remote mic.

Google Voice Integration

• Full Qt Quick GUI for managing Google Voice account
• Integration with native SMS app
• Current status: Able to hook SMS in and out via telepathy APIs and the Nokia GSM DBus service.

Command-line Utilities

Contact Exporter

• Very simple project.
• Easy way of exporting vcards for backup and transferring.
• Current status: Finished. Information here.

© Copyright 2011-2012 Jason A. Donenfeld. All Rights Reserved.