To begin : "Ted Unangst" is a bit of a celebrity[i] in (admittedly obscure) OpenBSD circles for doing, disorganisedly and by himself, a sort of Foundation job : "Re-factoring programs with a strong emphasis on maintenance and security. Technical debt is real, and you certainly don't want it in an OS."
That said, here's our motto for today :
BingoBoingo: C machine tedunangst.com/flak/post/my-int-is-too-big[ii]
mircea_popescu Nice find BB. Especially his discussion of kqueue and the hashtable/array duality + fd_getfile workings strictly indicate that a) he's an idiot ; b) that trilema.com/cargo-cults-a-case-study's "This is what cargo cultism is, you see : memetic stupidity, inescapable for the aculturated. Even if they try. Especially if they try." is exactly right and, sadly, c) that alf is exactly correct : we can't have computers as a continuation of the current shit. I don't agree with his illuministic/humanitarian blaming of the hardware, I believe we can't have computers until and unless impaling every single derp currently involved in computing in any capacity, but this looks like a dispute for the ages.
Why do I say that ? Why, consider the item itself :
Every kqueue keeps a list of all the attached events it’s watching for. Because it’s possible to monitor a number of different event types which can have a variety of identifiers, they are kept in a hash table. However, as a practical consideration, the majority of kqueue events are going to be file descriptors, all of which are identified by small integers. In addition to the hash table, a simple array is used to store file events, indexed by fd.
This array is scaled to accommodate the largest fd that needs to be stored. This would obviously cause trouble, consuming too much memory, if the identifier were not validated first. Which is exactly what kqueue tries to do. The fd_getfile function checks that the identifier is a file that the process has open. One wrinkle. fd_getfile takes an int argument but ident is a uintptr_t, possibly 64 bits. An ident of 2^32 + 2 will look like a valid file descriptor, but then cause the array to be resized to gargantuan proportions.
Again, the fix is pretty simple. We must check that the ident is bounded by INT_MAX before calling fd_getfile. There’s obviously a smaller bound as well, since a process could never have an fd anywhere close to that, but that’s already enforced by the called function. We need only verify that the argument is compatible with the input range. This bug likely would have been exploitable beyond a panic, but the array allocation was changed to use mallocarray instead of multiplying arguments by hand, thus preventing another overflow.
Any questions ? No ?[iii] Fine then, I leave you with a selected sample of the man's thinking :
This is my homepage. For 2009. Until I get bored and stop updating it again. That'd be now.
About me: haha, like I'd put real information on the internet. That's what Facebook is for! If you're not my friend, you'll have to make do with the lite edition here.
This is, in nuce, how the entire Religion & Holy Faith of Ustardism works : a) deny too broadly ; b) make exception for the state. That way the accursed star pattern can emerge and outrageous socialism appears to the inculturated idiots as "the country" and "the world", ie urbi & orbi.[iv]
So, it is forbidden to feel up a random woman's ass ? But it is acceptable for the USG.TSA to shove a pineapple up your butt ? Is church a place so disinfectedly pure you really have no business even going unless it's for a wedding or something ? But then priests fuck five year olds in all the holes ? Are you fucking insane ? Yes, you are. Go ahead, don't put yourself "on the internet" ; "that's what USG.facebook is for!", see if I care. And see if your USG will be able to protect you once I come for your head. Oh, noes, who could have predicted!11
To be perfectly clear : the pro-soviet elements in a country about to be invaded are not on the bottom of Stalin's list of who to shoot. They are at the top of that list, and for an exceptionally good reason.
- Obviously "beasty.pl" ie "the server at f8l.netne.net" is taking too long to respond, but here's an archival copy. [↩]
- Can we FINALLY fucking stop with the god fucking damned "www" subdomain ? Really. Enough of that stupid shit already. There's no further point to the entire dns shitstack beyond supporting outdated web shit because consumers/idiots are incapable of using proper tech. If it's a "domain name", it's www and can't be anything else ok ? [↩]
- Yes ? Like fucking what ?
This is how they code. Magic fucking numbers atop magic fucking everything else, because to the cargo cultist everything's fucking magic, from gas heating to oh my fucking god almighty WHY THE EVERLOVING FUCK would you "know" what the fuck size the data is going to be! Seriously, "this int should really be about three digits long, not more than five" ? Go hang already! [↩]
- What, you thought you were the first imbeciles to bleat in the wind ? Heh. You were the first just like John Smith is the first idiot to think of stealing the Hebrew texts. No such thing as Mahomed, a goat herder at exactly the same civilisational level, fifteen hundred years prior, amirite ?
If my disdain were wax you'd drown in it. [↩]
- Yes, yes, salvation is one click away. Go read Ballas. All of it. He'll explain this "ironic" bullshit, along with a bunch of other things you imperatively need explained. Right now. [↩]