Meta/Websites/serenityos.org/bounty/index.html


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41

<!DOCTYPE html>
<html>
<head><title>SerenityOS bug bounty program</title></head>
<body>
    <h1>SerenityOS bug bounty program</h1>
    <p>
        Like any respectable software project, SerenityOS also runs a bug bounty program.
        I don't have a huge budget, but I want to reward good honest work.
    </p>
    <p>
        I will pay <b>$5</b> USD for exploitable bugs in these categories:
    </p>
    <ul>
        <li>Remote code execution.</li>
        <li>Local privilege escalation.</li>
        <li>Arbitrary code execution in the Browser when loading a remote web page.</li>
    </ul>
    <p><b>Rules</b></p>
    <ul>
        <li>No rewards for bugs you caused yourself.</li>
        <li>The PoC exploit needs to work against the master branch at the time of claim.</li>
        <li>Max 5 bounties per person.</li>
        <li>No duplicates. If a bug is already reported, only the earliest reporter may claim the reward. This includes bugs found by continuous fuzzing systems.</li>
        <li>No rewards for bugs that require unlikely user interaction or social engineering.</li>
        <li>Remote bugs must be exploitable with an unmodified "default setup" of SerenityOS. Bugs in programs that are not started by default don't qualify.</li>
        <li>The PoC exploit needs to work on a QEMU-emulated CPU that supports SMAP, SMEP, UMIP, NX, WP, and TSD natively.</li>
        <li>SerenityOS always runs with assertions enabled, so you'll need to find a way around them.</li>
    </ul>
    <p>
        Rewarded bounties will be listed here, and I will also make a video dissecting each
        exploit and showing what the bug was, and how I fix it.
    </p>
    <p><b>Rewarded bounties:</b></p>
    <ul>
        <li><b>2020-03-30:</b> <font color="green"><b>$5</b></font> to <b>\0</b> for reporting that the documentation neglects to mention that the default <b>anon</b> user can use <code>su</code> to become <b>root</b> by default. <a href="kiwis4kiwi.png">Donated to "Kiwis for Kiwi" charity as per \0's request.</a> Fixed with <a href="https://github.com/SerenityOS/serenity/commit/ec91d2eb9febafd82de3b30bd76fb621f3da5026">this commit</a>.</li>
    </ul>
    <p>
        To claim a reward, get in touch with me either on IRC (<b>kling</b> on Freenode) or via <b>kling@serenityos.org</b>
    </p>
</body>
</html>