Link: "The History of a Security Hole" (in various *BSD kernels)

September 2, 2018

To yank my words from Twitter, Michal Necasek's The History of a Security Hole is a fascinating exploration of both the arcana of the x86 and what C can innocently do to you. Watching the code train barrel down the tracks towards its doom was decidedly compelling. There are also some useful lessons for long-term software development that can be extracted here, since many of the mistakes made were entirely natural ones.

I often find this sort of stuff fascinating, so I really liked reading this entry and found I couldn't look away once things got going and mistakes piled up on top of misunderstandings. By the way, don't read this as a slam on the *BSDs; this sort of cascading misunderstanding can happen in any software, and undoubtedly has happened in non-BSD kernels as well in spots. It's simply easy to miss things in large, complex software (see eg).

(My tweet. I'm not sure where I got this from, but see HN, which mentions an interesting additional detail.)

Written on 02 September 2018.
Last modified: Sun Sep 2 22:22:15 2018