Mitchell Grenier obelisk http://confurious.io osquery developer. Former Facebook Employee.

AbGuthrie/goquery 73

Provide a shell-like interface by utilizing osquery's distributed API

obelisk/PoorMansXboxOneControllerDriver 23

Want to play games on your Mac using the Xbox One controller? The poor man's driver might be for you! Allows you to translate controller buttons into keyboard button presses.

obelisk/rustica 13

An SSHCA that uses a standard Yubikey to issue new host and user certificates.

obelisk/Enigma 7

A C++ implementation of the WWII cryptography device, the Enigma Machine

obelisk/endpointsecurity 6

Nice (ish) bindings for the EndpointSecurity framework on macOS for Rust.

obelisk/sshcerts 5

A crate for reading, parsing, verifying, and generating OpenSSH certificates.

obelisk/sfs 3

A filesystem built entirely within the steganographic space of other files.

muffins/osquery 2

SQL powered operating system instrumentation, monitoring, and analytics.

obelisk/PassportControl 2

A SwiftUI frontend for Rust-based authentication projects: Rustica and TrustMe

obelisk/osquery_tracker 1

The code and STLs for the osquery tracker.

push event obelisk/sshcerts

Mitchell Grenier

commit sha 377d4bc23df952a7f1f72ff8f266c1e1de6ca0b3

Update Lexical core

push time in 4 days

push event obelisk/rustica

Mitchell Grenier

commit sha 07d5d112de1c5169adb939c3dc26355c809fb1f1

Update Lexical core

push time in 4 days

Pull request review comment smartcontractkit/chainlink

Arbitrum Flag Validator

+// SPDX-License-Identifier: MIT+pragma solidity ^0.7.0;++import "./interfaces/ArbitrumInboxInterface.sol";+import "./interfaces/AggregatorValidatorInterface.sol";+import "./interfaces/FlagsInterface.sol";+import "../v0.6/SimpleWriteAccessController.sol";++contract ArbitrumValidator is SimpleWriteAccessController, AggregatorValidatorInterface {++  bytes4 constant private RAISE_SELECTOR = FlagsInterface.raiseFlag.selector;+  bytes4 constant private LOWER_SELECTOR = FlagsInterface.lowerFlags.selector;++  address private s_flagsAddress;+  // Follows: https://eips.ethereum.org/EIPS/eip-1967+  address private s_arbitrumFlag = address(bytes20(bytes32(uint256(keccak256("chainlink.flags.arbitrum-offline")) - 1)));
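
Review bot: s_arbitrumFlag is initialized at its declaration from an expression built only from a string literal, yet it is declared as ordinary mutable storage; unless later code reassigns it, declare it constant (or immutable if the compiler rejects the initializer) so it cannot change and does not cost a storage read on each use. The comment above it cites EIP-1967, which defines storage slot positions rather than addresses, so a sentence saying why the keccak256(...) - 1 derivation is reused to produce an address would help the next reader.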

Can this be constant?

RodrigoAD

comment created time in 15 days

PullRequestReviewEvent

Pull request review comment smartcontractkit/chainlink

Arbitrum Flag Validator

+// SPDX-License-Identifier: MIT+pragma solidity ^0.7.0;++import "./interfaces/ArbitrumInboxInterface.sol";+import "./interfaces/AggregatorValidatorInterface.sol";+import "./interfaces/FlagsInterface.sol";+import "../v0.6/SimpleWriteAccessController.sol";++contract ArbitrumValidator is SimpleWriteAccessController, AggregatorValidatorInterface {++  bytes4 constant private RAISE_SELECTOR = FlagsInterface.raiseFlag.selector;+  bytes4 constant private LOWER_SELECTOR = FlagsInterface.lowerFlags.selector;++  address private s_flagsAddress;+  // Follows: https://eips.ethereum.org/EIPS/eip-1967+  address private s_arbitrumFlag = address(bytes20(bytes32(uint256(keccak256("chainlink.flags.arbitrum-offline")) - 1)));++  ArbitrumInboxInterface private s_arbitrumInbox;+  SimpleWriteAccessController private s_gasConfigAccessController;++  struct GasConfiguration {+    uint256 maximumSubmissionCost;+    uint32 maximumGasPrice;+    uint256 gasCostL2;+    address refundableAddress;+  }+  GasConfiguration private s_gasConfig;+  uint32 constant private s_L2GasLimit = 30000000;+  uint32 constant private s_maxSubmissionCostIncreaseRatio = 13;++  /**+   * @param aggregatorAddress default aggregator with access to validate+   * @param inboxAddress address of the Arbitrum Inbox L1 contract+   * @param flagAddress address of the Chainlink L2 Flags contract+   * @param gasConfigAccessController address of the access controller for managing gas price on Arbitrum+   * @param maxSubmissionCost maximum cost willing to pay on L2+   * @param maximumGasPrice maximum gas price to pay on L2+   * @param gasCostL2 value to send to L2 to cover gas fee+   * @param refundableAddress address where gas excess on L2 will be sent+   */+  constructor(+    address aggregatorAddress,+    address inboxAddress,+    address flagAddress,+    address gasConfigAccessController,+    uint256 maxSubmissionCost,+    uint32 maximumGasPrice,+    uint256 gasCostL2,+    address refundableAddress+  ) {+    s_arbitrumInbox = 
ArbitrumInboxInterface(inboxAddress);+    s_gasConfigAccessController = SimpleWriteAccessController(gasConfigAccessController);+    s_flagsAddress = flagAddress;
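
Review bot: The constructor writes inboxAddress, gasConfigAccessController and flagAddress straight into state with no check against address(0), and no setter for s_arbitrumInbox or s_flagsAddress is visible in this hunk, so a wrong deployment argument would stay in place. Add a require(... != address(0), "...") for each address before the assignments. As a style point, s_L2GasLimit and s_maxSubmissionCostIncreaseRatio are constants but carry the s_ storage prefix, unlike RAISE_SELECTOR and LOWER_SELECTOR; upper-case names would keep the convention consistent.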

Would this benefit from a 0 check?

RodrigoAD

comment created time in 15 days

PullRequestReviewEvent

Pull request review comment smartcontractkit/chainlink

Arbitrum Flag Validator

+// SPDX-License-Identifier: MIT+pragma solidity ^0.7.0;++import "./interfaces/ArbitrumInboxInterface.sol";+import "./interfaces/AggregatorValidatorInterface.sol";+import "./interfaces/FlagsInterface.sol";+import "../v0.6/SimpleWriteAccessController.sol";++contract ArbitrumValidator is SimpleWriteAccessController, AggregatorValidatorInterface {++  bytes4 constant private RAISE_SELECTOR = FlagsInterface.raiseFlag.selector;+  bytes4 constant private LOWER_SELECTOR = FlagsInterface.lowerFlags.selector;++  address private s_flagsAddress;+  // Follows: https://eips.ethereum.org/EIPS/eip-1967+  address private s_arbitrumFlag = address(bytes20(bytes32(uint256(keccak256("chainlink.flags.arbitrum-offline")) - 1)));++  ArbitrumInboxInterface private s_arbitrumInbox;+  SimpleWriteAccessController private s_gasConfigAccessController;++  struct GasConfiguration {+    uint256 maximumSubmissionCost;+    uint32 maximumGasPrice;+    uint256 gasCostL2;+    address refundableAddress;+  }+  GasConfiguration private s_gasConfig;+  uint32 constant private s_L2GasLimit = 30000000;+  uint32 constant private s_maxSubmissionCostIncreaseRatio = 13;++  /**+   * @param aggregatorAddress default aggregator with access to validate+   * @param inboxAddress address of the Arbitrum Inbox L1 contract+   * @param flagAddress address of the Chainlink L2 Flags contract+   * @param gasConfigAccessController address of the access controller for managing gas price on Arbitrum+   * @param maxSubmissionCost maximum cost willing to pay on L2+   * @param maximumGasPrice maximum gas price to pay on L2+   * @param gasCostL2 value to send to L2 to cover gas fee+   * @param refundableAddress address where gas excess on L2 will be sent+   */+  constructor(+    address aggregatorAddress,+    address inboxAddress,+    address flagAddress,+    address gasConfigAccessController,+    uint256 maxSubmissionCost,+    uint32 maximumGasPrice,+    uint256 gasCostL2,+    address refundableAddress+  ) {+    s_arbitrumInbox = 
ArbitrumInboxInterface(inboxAddress);+    s_gasConfigAccessController = SimpleWriteAccessController(gasConfigAccessController);+    s_flagsAddress = flagAddress;+    _setGasConfiguration(maxSubmissionCost, maximumGasPrice, gasCostL2, refundableAddress);++    SimpleWriteAccessController(address(this)).addAccess(aggregatorAddress);+  }+  +  fallback() external payable {}++  function withdrawFunds() +    external +    onlyOwner() +  {+    address payable to = payable(msg.sender);+    to.transfer(address(this).balance);+  }++  function withdrawFundsTo(+    address payable to+  ) +    external+    onlyOwner() +  {+    to.transfer(address(this).balance);+  }++  function setGasConfiguration(+    uint256 maxSubmissionCost,+    uint32 maximumGasPrice,+    uint256 gasCostL2,+    address refundableAddress+  )+    external+  {+    require(s_gasConfigAccessController.hasAccess(msg.sender, msg.data), "Only gas configuration admin can call");+    _setGasConfiguration(maxSubmissionCost, maximumGasPrice, gasCostL2, refundableAddress);+  }++  function validate(+    uint256 /* previousRoundId */,+    int256 /* previousAnswer */,+    uint256 /* currentRoundId */,+    int256 currentAnswer+  ) +    external +    override+    checkAccess() +    returns (bool) +  {+    bytes memory data = currentAnswer == 1 ? abi.encodeWithSelector(RAISE_SELECTOR, s_arbitrumFlag) : abi.encodeWithSelector(LOWER_SELECTOR, [s_arbitrumFlag]);++    s_arbitrumInbox.createRetryableTicket{value: s_gasConfig.gasCostL2}(+      s_flagsAddress, +      0, // L2 call value+      s_gasConfig.maximumSubmissionCost, // Max submission cost of sending data length+      s_gasConfig.refundableAddress, // excessFeeRefundAddress+      s_gasConfig.refundableAddress, // callValueRefundAddress+      s_L2GasLimit,+      s_gasConfig.maximumGasPrice, +      data+    );
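
Review bot: fallback() external payable {} accepts ether together with any calldata, so a call to a misspelled or nonexistent function on this contract succeeds silently and keeps the value sent; if the intent is only to let the contract be funded for L2 gas, receive() external payable {} with no fallback is the narrower choice. In validate(), the call forwards s_gasConfig.gasCostL2 with no check that address(this).balance covers it, so an underfunded contract makes every validation revert; an explicit require with a clear message, or an event that reports the funding level, would make that state easier to detect.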

Unused return value

RodrigoAD

comment created time in 15 days

started github/ghec-audit-log-cli

started time in a month

push event obelisk/rustica

Mitchell Grenier

commit sha 147a5c4321d7adcf67a26b19089efb6f9b8a8291

Add rustica-agent config flag

push time in 2 months

push event obelisk/author

Mitchell Grenier

commit sha a60f85ae5754ce281028c54cc50bcb1179a583cf

Fix Bug: authorization removal affected all fingerprints

push time in 2 months

push event obelisk/author

Mitchell Grenier

commit sha ec9e2858f274ebbe1c545c79f713c94bd50068af

Bring in new attestation code. Will be moved to sshcerts

push time in 2 months

push event obelisk/author

Mitchell Grenier

commit sha 9e3215089ba997e952515a284da4c733a9769df2

Add delete function call

push time in 2 months

push event obelisk/rustica

Mitchell Grenier

commit sha cd4533cac0f52ff5eb2dc02108f9babb62a031d1

Allow specification of socket path

push time in 2 months

created tag obelisk/endpointsecurity

tag v0.2.0

Nice (ish) bindings for the EndpointSecurity framework on macOS for Rust.

created time in 2 months

release obelisk/endpointsecurity

v0.2.0

released time in 2 months

push event obelisk/endpointsecurity

Mitchell Grenier

commit sha a175862b10fc65f54e9450d3c8d322613a6cbb28

0.2.0

push time in 2 months

push event obelisk/endpointsecurity

Mitchell Grenier

commit sha 574118e9c0a5b8111a7f198508fb4c98b8b45312

Serde and fixed examples

push time in 2 months

PR closed obelisk/sshcerts

Use certificate key name for public key in certificates conformance

OpenSSH changes the basic key type to the certificate equivalent [1]. The exact reason remains unclear, as it is never checked when reading a certificate. However, it is possible this will be added in a future version.

To stay compatible with OpenSSH as much as possible, we also change the signed key type to the cert variant.

+4 -3

5 comments

1 changed file

WanzenBug

pr closed time in 2 months

pull request comment obelisk/sshcerts

Use certificate key name for public key in certificates

@WanzenBug Any updates here? Am I missing something?

WanzenBug

comment created time in 3 months

push event obelisk/rustica

Mitchell Grenier

commit sha 662c331e3f238a29d7fdc5d372386201036bcec2

New sshcerts

push time in 3 months

push event obelisk/rustica

Mitchell Grenier

commit sha 274469faf678998d7a24aa38c4e3bd7c784ddd32

New sshcerts, fix unexpected behaviour in DB

push time in 3 months

pull request comment obelisk/sshcerts

Use certificate key name for public key in certificates

Maybe I am missing something, but this is what I see (I changed the command to have no extensions via ssh-keygen -s ca.key -O no-agent-forwarding -O no-x11-forwarding -O no-pty -O no-port-forwarding -O no-user-rc -I user_key user.key.pub):

Screen Shot 2021-05-03 at 12 42 42 PM

The only parts that appear different to me are the nonce and signature.

Both return Public Key Cert:

Screen Shot 2021-05-03 at 12 50 27 PM

Here are the key files I tested with: ssh_keygen_out.txt ssh_certs_out.txt

WanzenBug

comment created time in 3 months

pull request comment obelisk/sshcerts

Use certificate key name for public key in certificates

I will try to investigate this today. So far, using my macOS and Linux machines, this has not occurred. Just trying to see if I'm doing it wrong or maybe different versions do things differently.

WanzenBug

comment created time in 3 months

started obelisk/endpointsecurity

started time in 3 months

pull request comment obelisk/sshcerts

Fix RSA Certificate Serialization Bug

I have tagged and published 0.4.4 which includes your change! Let me know if everything works as expected now and thanks again!

WanzenBug

comment created time in 3 months

created tag obelisk/sshcerts

tag v0.4.4

A crate for reading, parsing, verifying, and generating OpenSSH certificates.

created time in 3 months

release obelisk/sshcerts

v0.4.4

released time in 3 months

pull request comment obelisk/sshcerts

Fix RSA Certificate Serialization Bug

Please put up a fix for the key name as well because I'd like to go through it and if that is what ssh-keygen is doing I'll definitely merge it. I just so far haven't been able (mostly lack of time) to independently verify that one.

This one I definitely did and wanted it fixed ASAP!

Thanks so much!

WanzenBug

comment created time in 3 months

push event obelisk/sshcerts

Mitchell Grenier

commit sha ed06afefc4e18ab30fe523d50e76b8c21e6cd8ac

Version bump with RSA Cert fix

push time in 3 months