Forums › Life › Computers, Gadgets & Technology › Computer Viruses, Trojans & Threats. › Elegant 0-day unicorn underscores “serious concerns” about Linux security
I’d read about the previous one (which I found impressive as it used the 6502 virtual machine in a Nintendo emulator which is part of gstreamer) but this is even more impressive.
Does make you wonder how much other kernel code similarly lacks bounds checking – which surely wouldn’t be too much trouble to include with todays available resources, it is not 1986 any more when you were scrabbling around for every last byte – or if the code couldn’t be tested why was it left in as I’ve not seen a FLIC file for about 20 odd years…
I am no expert with C and only dabble occasionally in coding non critical stuff – but even basic experiments (which is about the limit of what I dare try with C) often reminds me that it is so easy to make mistakes with pointers etc and go out of bounds; and that will lead to trouble somewhere along the line.
when I do some coding for work stuff that must stay running I “cheated” and used Python; I did initially try to write the serial port control code in C; but made various mistakes (probably at least one wild pointer or bounds error) so it (unsurprisingly) just segfaulted as soon as the data came down the line.
And that happened with a known constant data format, not even random stuff which could be anywhere on the Internet..
You can get away with rough code that “works” if you are in a controlled environment but apps like this are intended to be used by everybody; including non technical users, although in reality you shouldn’t be running random media files on a critical machine (even in a TV or radio station they should be checked for quality first, bad ones can crash the playout system and then your viewers/listeners don’t get any content!)
0
Voices
0
Replies
Tags
This topic has no tags
Forums › Life › Computers, Gadgets & Technology › Computer Viruses, Trojans & Threats. › Elegant 0-day unicorn underscores “serious concerns” about Linux security