From: "Warren W. Gay VE3WWG" <ve3wwg@cogeco.ca>
Subject: Re: C's trikery semantic opens up backdoor in new Linux kernel
Date: Wed, 12 Nov 2003 13:03:39 -0500
Date: 2003-11-12T13:03:39-05:00 [thread overview]
Message-ID: <tBusb.4687$kA6.215815@news20.bellglobal.com> (raw)
In-Reply-To: <bosmuu$1hui4o$1@ID-175126.news.uni-berlin.de>
Vinzent 'Gadget' Hoefler wrote:
> J Cusick wrote:
>>On Wed, 12 Nov 2003 04:26:44 +0000, Stephane Richard wrote:
>>>For some reason, I can't open that link you posted here..
>>
>>The Register site seems to be down at the moment... The link is good.
>>
>>The article discusses the fact that someone tried to slide in a C line
>>(actually 2 lines) that trashed the tcp stack allowing a negative offset
>
> No. It is worse than that.
>
> The interesting line in question is this one:
>
> |if ((options == (__WCLONE|__WALL)) && (current->uid = 0))
>
> First this looks like a sanity check. But look closer. This single
> line serves one single purpose: to give you root-privileges when you
> just pass the right flags. Note the "current->uid = 0" instead of
> "current->uid == 0". Who the hell had the ******* bad idea that
> assignments could return values?
It was a matter of time before this happened. But to be fair to
C, this is a problem with any large body of code. How carefully
is every source line submission scrutinized?
As the quantity of code increases, the likelyhood of some other
subtle change like this being introduced increases. Linux as
Open Source enjoys the advantage of many eyes, which helps. But
it also enjoys the slight disadvantage of "many submissions" as
well ;-)
I do accept that Ada95 would make this more difficult to do,
but this seems to be all academic talk for the moment ;-)
--
Warren W. Gay VE3WWG
http://home.cogeco.ca/~ve3wwg
next prev parent reply other threads:[~2003-11-12 18:03 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-11-12 3:17 C's trikery semantic opens up backdoor in new Linux kernel Adrian Hoe
2003-11-12 4:26 ` Stephane Richard
2003-11-12 5:13 ` J Cusick
2003-11-12 7:18 ` Vinzent 'Gadget' Hoefler
2003-11-12 7:50 ` Duncan Sands
2003-11-12 12:08 ` Vinzent 'Gadget' Hoefler
2003-11-12 13:38 ` Duncan Sands
2003-11-12 14:09 ` Vinzent 'Gadget' Hoefler
2003-11-13 21:04 ` Craig Carey
2003-11-14 6:45 ` Freejack
2003-11-14 8:33 ` Erlo Haugen
2003-11-14 9:44 ` Vinzent 'Gadget' Hoefler
2003-11-14 10:16 ` Dmitry A. Kazakov
2003-11-25 10:06 ` Craig Carey
2003-11-25 11:20 ` Dmitry A. Kazakov
2003-11-14 15:31 ` Robert I. Eachus
2003-11-14 13:12 ` Georg Bauhaus
2003-11-14 13:31 ` Duncan Sands
2003-11-14 14:56 ` Vinzent 'Gadget' Hoefler
2003-11-14 15:08 ` Georg Bauhaus
2003-11-14 15:38 ` Duncan Sands
2003-11-14 17:57 ` Georg Bauhaus
2003-11-14 15:47 ` Robert I. Eachus
2003-11-14 16:38 ` Vinzent 'Gadget' Hoefler
2003-11-19 4:13 ` Dave Thompson
2003-11-21 15:34 ` Martin Krischik
2003-11-23 2:20 ` Hyman Rosen
2003-11-27 4:22 ` Dave Thompson
2003-11-28 14:01 ` Hyman Rosen
2003-11-12 17:37 ` tmoran
2003-11-12 18:03 ` Warren W. Gay VE3WWG [this message]
2003-11-12 8:51 ` Adrian Hoe
2003-11-12 12:32 ` Preben Randhol
2003-11-13 5:50 ` Chad R. Meiners
2003-11-12 22:59 ` Wes Groleau
2003-11-14 3:31 ` Adrian Hoe
2003-11-14 11:00 ` Dmytry Lavrov
2003-11-15 5:00 ` Adrian Hoe
2003-11-15 5:02 ` Adrian Hoe
2003-11-16 11:29 ` Dmytry Lavrov
2003-11-17 17:07 ` Warren W. Gay VE3WWG
2003-11-16 11:35 ` Dmytry Lavrov
2003-11-15 19:30 ` Wes Groleau
2003-11-12 8:52 ` Adrian Hoe
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox