https://ringzeropirate.github.io/en/tags/linux/Recent content in Linux on RingZero PirateHugoen-USTue, 28 Apr 2026 00:00:00 +0000https://ringzeropirate.github.io/en/articles/ebpf-first-hook-bpftrace/Tue, 28 Apr 2026 00:00:00 +0000https://ringzeropirate.github.io/en/articles/ebpf-first-hook-bpftrace/Reading time: 15 minutes | Lab time: 30 minutes Your First eBPF Hook: Monitoring Syscalls with bpftrace in 30 Minutes Series: eBPF Security & Observability — Week 1, Thursday Type: Deep Technical Lab Main tool: bpftrace Target: Developers, Security Engineers, SRE Reading time: ~15 minutes Lab time: 30 minutes Have you ever wanted to know exactly what your operating system is doing at this precise moment — which processes are starting, which files are being opened, which network connections are being established — without installing heavy agents, without restarting anything, without modifying a single line of your application code?https://ringzeropirate.github.io/en/articles/sudo-env-bypass/Sat, 28 Mar 2026 00:00:00 +0000https://ringzeropirate.github.io/en/articles/sudo-env-bypass/Reading Time: 16 minutes Responsible Disclosure Notice — All findings described in this article were reported to Todd C. Miller (sudo maintainer) prior to publication. The upstream fix has been committed to the sudo-project/sudo repository. Full timeline is disclosed at the end of this article. Executive Summary During an independent audit of the plugins/sudoers/env.c module in sudo 1.9.17p2 / 1.9.18rc1, I identified seven environment variables that are silently passed through to privileged processes when env_reset is disabled (!