Post AaSPWyNccYXFmBXdZ2 by rogerlipscombe@hachyderm.io
Post #AaP2BzfjBB8PDxIgAi by mjg59@nondeterministic.computer
2023-10-03T19:28:55Z
0 likes, 0 repeats
Proposing a significant increase in system security by replacing all C-based string manipulation with callouts to perl https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt
Post #AaP3IkaTlIw6QAdBLM by federicomena@mstdn.mx
2023-10-03T19:41:24Z
0 likes, 1 repeats
@mjg59 maybe one can dress as "*p++" for a scary costume this year.
Post #AaP401Y6ZgEFTl9fdY by joncruz@mstdn.social
2023-10-03T19:48:39Z
0 likes, 0 repeats
@mjg59 🙀
Post #AaPARLqZoZm5yYD0hU by mjg59@nondeterministic.computer
2023-10-03T21:01:25Z
0 likes, 1 repeats
@storm There's precedent for libcs calling perl: https://github.com/Apple-FOSS-Mirror/Libc/blob/2ca2ae74647714acfc18674c3114b1a5d3325d7d/gen/wordexp.c#L192
Post #AaPHVOZyIWtXHqJjvs by joeyh@hachyderm.io
2023-10-03T22:18:13Z
0 likes, 0 repeats
@mjg59 eh, just rewrite libc in rust
Post #AaPvbv22Y4tjqD6z0i by adambyte@infosec.exchange
2023-10-04T05:50:16Z
0 likes, 0 repeats
@mjg59 Is it an oversimplification for me to say that null-terminated strings were a mistake? Because it really seems like null-terminated strings were a mistake.
Post #AaPvsEy8Bv5GJ949Q0 by mjg59@nondeterministic.computer
2023-10-04T05:53:07Z
0 likes, 0 repeats
@adambyte Oh gosh yes
Post #AaPw0SR80DiYOTXzma by adambyte@infosec.exchange
2023-10-04T05:54:32Z
0 likes, 0 repeats
@mjg59 Wait. Yes it's an oversimplification, or yes they were a mistake?
Post #AaPyvGEeEsWKxzvJfU by mjg59@nondeterministic.computer
2023-10-04T06:27:30Z
0 likes, 0 repeats
@adambyte Oh definitely a mistake
Post #AaPz80Ez1AC17o9js0 by mjg59@nondeterministic.computer
2023-10-04T06:29:42Z
0 likes, 0 repeats
@adambyte Of course, tagged-length strings are also an issue if you have no way to ensure that the tag length matches the allocated length.
Post #AaQRMKnw9kpzfn7yhk by martini@infosec.exchange
2023-10-04T11:43:18Z
0 likes, 0 repeats
@mjg59 I always have trouble finding that one when someone alludes to it … that was on Mac OS X, right?
Post #AaQh6gf6im1C62YgAS by mjg59@nondeterministic.computer
2023-10-04T14:42:14Z
0 likes, 0 repeats
@martini Yup
Post #AaQq9KApghaKo3jJsO by adambyte@infosec.exchange
2023-10-04T16:23:27Z
0 likes, 0 repeats
@mjg59 Couldn't you build that into the language relatively easily? E.g. if strings are immutable in the language, then any write to a string variable compiles into: calculate the string length + tag length, make a syscall to allocate that amount and throw an exception if the call fails, then write the bytes into that chunk of memory.
Post #AaQqkLJ0RUlv20Ckk4 by mjg59@nondeterministic.computer
2023-10-04T16:29:21Z
0 likes, 0 repeats
@adambyte What if someone overwrites the tag through some other poor-quality bounds checking?
Post #AaQuVY5T2QE8964bYG by adambyte@infosec.exchange
2023-10-04T17:12:01Z
0 likes, 0 repeats
@mjg59 Then you've got some other poor-quality bounds checking. Overriding a string length tag isn't worse than overwriting anything else, is it? AFAIK that's essentially random, chaotically determined by the language, the compiler, and the program.
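The two string designs the thread argues over, as an added example that is not part of any post above: a NUL-terminated buffer that loses its terminator (the "mistake" adambyte and mjg59 agree on), and a length-tagged, immutable string allocated exactly as adambyte proposes, with a stand-in for the tag being clobbered "through some other poor-quality bounds checking". Every name here (tstr, tstr_new, tstr_byte, clobber_tag, TSTR_MAGIC) is this example's own, and the `check` word that lets a clobbered tag be noticed is this example's addition, not something anyone in the thread proposed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* ---- The older mistake: trusting a NUL terminator that may not be there. ----
 * strncpy() writes no terminator when the source fills the buffer, so a later
 * strlen() would read on into whatever follows.  The only safe question to
 * ask of such a buffer is a bounded one. */
int has_terminator(const char *buf, size_t cap) {
    return memchr(buf, '\0', cap) != NULL;
}

/* Returns 1 if buf is a valid C string after the copy, 0 if the NUL was lost. */
int fill_with_strncpy(char *buf, size_t cap, const char *src) {
    strncpy(buf, src, cap);            /* silently drops the NUL when strlen(src) >= cap */
    return has_terminator(buf, cap);
}

/* ---- Length-tagged alternative, built the way adambyte describes. ----
 * The string is immutable; header and bytes are one allocation sized exactly
 * sizeof header + len, so the tag cannot disagree with the allocation at the
 * moment the string is created.  The 'check' field is this example's own
 * addition: a copy of the tag mixed with a constant, so that a tag clobbered
 * by some unrelated out-of-bounds write (mjg59's objection) is noticed before
 * it is trusted. */
typedef struct {
    uint32_t len;    /* the tag */
    uint32_t check;  /* len ^ TSTR_MAGIC, recomputed on every access */
    char data[];     /* exactly len bytes follow */
} tstr;

#define TSTR_MAGIC 0x5A3C96E1u

static uint32_t tstr_checksum(uint32_t len) { return len ^ TSTR_MAGIC; }

/* Allocate and fill; NULL if the size does not fit or malloc fails
 * (the point at which adambyte's language would throw). */
tstr *tstr_new(const char *bytes, size_t n) {
    if (n > UINT32_MAX - sizeof(tstr)) return NULL;   /* keep header + n from wrapping */
    tstr *s = malloc(sizeof *s + n);
    if (s == NULL) return NULL;
    s->len = (uint32_t)n;
    s->check = tstr_checksum(s->len);
    memcpy(s->data, bytes, n);
    return s;
}

/* 1 if the header is intact, 0 if the tag no longer matches its check word. */
int tstr_valid(const tstr *s) {
    return s != NULL && s->check == tstr_checksum(s->len);
}

/* Bounded byte read: the byte value, or -1 for a bad index or a corrupted header. */
int tstr_byte(const tstr *s, size_t i) {
    if (!tstr_valid(s) || i >= s->len) return -1;
    return (unsigned char)s->data[i];
}

/* Stand-in for "some other poor-quality bounds checking": overwrite the tag
 * through a raw byte copy, as an adjacent heap overflow would. */
void clobber_tag(tstr *s, uint32_t bogus_len) {
    memcpy(&s->len, &bogus_len, sizeof bogus_len);
}

int main(void) {
    char buf[4];
    printf("strncpy \"abc\" into 4 bytes: terminator %s\n",
           fill_with_strncpy(buf, sizeof buf, "abc") ? "present" : "missing");
    printf("strncpy \"abcd\" into 4 bytes: terminator %s\n",
           fill_with_strncpy(buf, sizeof buf, "abcd") ? "present" : "missing");

    tstr *s = tstr_new("hello", 5);
    printf("byte 4 = %d, byte 5 = %d\n", tstr_byte(s, 4), tstr_byte(s, 5));
    clobber_tag(s, 0x7fffffffu);              /* tag now claims 2 GiB of data */
    printf("after clobber: valid=%d, byte 0 = %d\n", tstr_valid(s), tstr_byte(s, 0));
    free(s);
    return 0;
}
```

The check word only catches a write that hits `len` without also rewriting `check` consistently; an overflow that controls both fields defeats it, which is why production heap metadata protections pair such redundancy with a per-process secret rather than a fixed constant.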
Post #AaRMT4Ac5xtFUt5KG8 by indrora@social.sdf.org
2023-10-04T22:25:26Z
0 likes, 0 repeats
@mjg59 oh I hate this.
Post #AaRaWf7CadBoJ668w4 by federicomena@mstdn.mx
2023-10-05T01:03:07Z
0 likes, 0 repeats
@mjg59 @storm W. T. F.
Post #AaRgqBMlVMpBYi4KGm by be@floss.social
2023-10-05T02:13:30Z
0 likes, 0 repeats
@mjg59 @storm 🤯
Post #AaS7J4jjpVMECiFgw4 by wolf480pl@mstdn.io
2023-10-05T07:09:52Z
0 likes, 0 repeats
@mjg59 Why does POSIX need a function like that....
Post #AaSPWyNccYXFmBXdZ2 by rogerlipscombe@hachyderm.io
2023-10-05T10:34:52Z
0 likes, 0 repeats
@mjg59 @storm Yeah, that was a big "what?!" when I found out about that a few years ago.