Hacker News | Matir's comments

I've been meaning to migrate Plex to Jellyfin. I don't even host at Hetzner, but this coming at the end of the week is perfect -- I'm going to do the migration this weekend!


Yep, challenge author here, and it was definitely to teach that `argv[0]` is not trustworthy. I've seen privileged processes try to re-invoke themselves (as, say, a child process) by looking at `argv[0]` rather than something like `/proc/self/exe` (which is also subject to race conditions if the directory is writable).

The binary was not setuid, but was only executable (not readable) by the user used.
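
Added example, not part of the original comment or the challenge's code: a Linux-only C sketch of the point about `argv[0]`, comparing the caller-supplied string with what the kernel reports through `/proc/self/exe`. The helper names `self_exe_path` and `argv0_names_this_binary` and the spoofed path are made up for illustration; it assumes `/proc` is mounted.

```c
/* Added example (Linux only): argv[0] is chosen by whoever calls execve(). */
#define _GNU_SOURCE
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Ask the kernel which file this process is running. Returns 0 on success. */
int self_exe_path(char *out, size_t len)
{
    ssize_t n = readlink("/proc/self/exe", out, len - 1);
    if (n < 0 || (size_t)n >= len - 1)
        return -1;              /* error, or result may be truncated */
    out[n] = '\0';
    return 0;
}

/* 1 if argv0 resolves to the running executable, 0 if it does not
 * (or cannot be resolved), -1 if /proc/self/exe is unavailable. */
int argv0_names_this_binary(const char *argv0)
{
    char self[PATH_MAX], resolved[PATH_MAX];
    if (self_exe_path(self, sizeof self) != 0)
        return -1;
    if (argv0 == NULL || realpath(argv0, resolved) == NULL)
        return 0;
    return strcmp(self, resolved) == 0;
}

int main(int argc, char **argv)
{
    if (argc > 1 && strcmp(argv[1], "--child") == 0) {
        /* Re-invoked copy: argv[0] is whatever the parent passed. */
        printf("child argv[0]=%s names this binary: %d\n",
               argv[0], argv0_names_this_binary(argv[0]));
        return 0;
    }
    /* Constructed, caller-chosen argv[0]; the kernel does not check it. */
    char *spoofed[] = { "/usr/bin/some-other-program", "--child", NULL };
    /* Re-exec through the kernel's link instead of the argv[0] string. */
    execv("/proc/self/exe", spoofed);
    perror("execv");
    return 1;
}
```

Run stand-alone, the re-invoked copy prints the spoofed `argv[0]` and reports that it does not name the running binary.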


>The binary was not setuid, but was only executable (not readable) by the user used.

Ah, then ptrace/gdb could have been used to dump it out as well :). Looks like a fun CTF, too bad I was too busy for bsides this year..


Katy's talk at DC20 has single-handedly rekindled my interest in robotics, Hacker Dojo, and vodka. Not necessarily in that order. She seems like a wicked awesome person, and given where she's worked before, she's obviously smart as hell...


Some links:

DEFCON 20: Robots: You're Doing It Wrong (waiting for better quality)

http://www.youtube.com/watch?v=QUlcTbfoz3U

Defcon 19: Katy Levinson - Don't Fix It In Software

http://www.youtube.com/watch?v=Drk3Dz3_yLE

