* Posts by Tzvetan Mikov

9 posts • joined 4 Nov 2006

Clever attack exploits fully-patched Linux kernel

Tzvetan Mikov

Much Ado About Nothing

@spendergrsec: Brad, you should really stop tooting your own horn, and it would also help if you weren't unnecessarily rude. Everybody so far has acknowledged that the exploit is very impressive. Good work. I really mean that and have said it from the start. But please, don't let that go to your head.

I am trying to clarify to readers of El Reg who may not be experts in C or the Linux kernel (unlike the crowd in LWN), that contrary to what has been said, this is an ordinary run of the mill bug, which is easy to spot and fix in a regular code review, and it is not caused by a flaw in GCC.

@BlueGreen: Normally the hardware would catch the NULL pointer reference and it would result in a kernel oops. However, part of the exploit is that it (relying on another bug) first maps valid memory at address 0. It really is a very clever exploit relying on unrelated kernel bugs.

The bug in question itself however is trivially noticeable and fixable. Any tool like LINT would have caught it (in theory; in practice it is not so easy to run LINT on the kernel).

Tzvetan Mikov

Wrong explanation!

Come on, El Reg, I really expect better from you.

The following: "Although the code correctly checks to make sure the tun variable doesn't point to NULL, the compiler removes the lines responsible for that inspection during optimization routines." is completely false.

The bug is real, but it is a very simple bug. Not checking a pointer for a NULL value. No, the code does _NOT_ check for NULL and that is what causes the problem. This has been blown way out of proportion.

For those who know C, this is the relevant code:

struct sock *sk = tun->sk;

if (!tun) return POLLERR;

The bug is in the 1st line - it uses tun before checking it for NULL. The check is a few lines below. A very simple bug that happens to the best of us.

Now the exploit is extremely clever, but the bug itself is trivial.
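The comment above says a LINT-style tool would flag a pointer that is dereferenced before its NULL check. As an added illustration (not part of the original post, and not LINT or any real checker), here is a toy Python scanner that finds exactly that pattern; the two C snippets it scans are constructed and mirror the two lines quoted above, with the hypothetical function names buggy_poll and fixed_poll.

```python
import re
from typing import Dict, List, Tuple

# 'name->' is treated as a dereference of 'name'.
DEREF_RE = re.compile(r'\b([A-Za-z_]\w*)\s*->')
# Recognises 'if (!name)' and 'if (name == NULL)'.
NULL_CHECK_RE = re.compile(
    r'if\s*\(\s*(?:!\s*([A-Za-z_]\w*)|([A-Za-z_]\w*)\s*==\s*NULL)\s*\)')


def find_use_before_null_check(src: str) -> List[Tuple[str, int, int]]:
    """Return (pointer, deref_line, check_line) for every pointer that is
    dereferenced and only afterwards checked for NULL in the same function.
    Toy heuristic: a line consisting of '}' ends the function; a guarded
    use such as 'if (tun && tun->sk)' is not special-cased."""
    findings = []
    first_deref: Dict[str, int] = {}   # pointer name -> line of first '->'
    for lineno, line in enumerate(src.splitlines(), start=1):
        if line.strip() == "}":
            first_deref.clear()
            continue
        m = NULL_CHECK_RE.search(line)
        if m:
            name = m.group(1) or m.group(2)
            if name in first_deref:
                findings.append((name, first_deref[name], lineno))
            continue
        for d in DEREF_RE.finditer(line):
            first_deref.setdefault(d.group(1), lineno)
    return findings


# Constructed sample: the pattern described in the comment above.
BUGGY_SRC = """\
int buggy_poll(struct tun_struct *tun)
{
    struct sock *sk = tun->sk;

    if (!tun) return POLLERR;
    return sk != NULL;
}
"""

# Constructed sample: the check moved before the first use of 'tun'.
FIXED_SRC = """\
int fixed_poll(struct tun_struct *tun)
{
    struct sock *sk;

    if (!tun) return POLLERR;
    sk = tun->sk;
    return sk != NULL;
}
"""

if __name__ == "__main__":
    for label, src in (("buggy", BUGGY_SRC), ("fixed", FIXED_SRC)):
        print(label, find_use_before_null_check(src))
```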

Camera catches Samsung's OLED iPhone wannabe

Tzvetan Mikov

Worst UI ever

A 3D cube for UI on a phone? Are they completely insane? This is ridiculous.

Martial law planned for Craigslist's red-light district

Tzvetan Mikov

At last some consistency

Personally I am for fully legalizing prostitution, but given that it is currently not legal in most places, it makes sense to not be able to post prostitution ads easily. Perhaps when lawmakers can no longer easily find cheap prostitutes on Craigslist, they will finally make some changes in the law? (Yeah, right)

Debian discord over de-classified developer proposal

Tzvetan Mikov

@Pete: not a dumb question

It is not a dumb question, but it is kind of irrelevant in the Debian context. Debian is not a commercial distribution. Nobody gets paid. Enthusiasm is key. So, Debian developers maintain software which they like and like to use themselves. It doesn't matter if there are a dozen different applications doing the same thing, as long as all of them have happy maintainers.

In my opinion this actually results in a distribution which may not be easily approachable by the average user, but is consistently superior technically and is a boon for developers like me.

In a way it is like music - the best music is not created for the fans; it is just something that the artist loves to do.

If you think about it, it is impossible to work for free in any other way.

Danes 'prove' sudden iBook death syndrome

Tzvetan Mikov

Coffee spillage

Good article! Though it caused my coffee to spill from laughter when I got to Lars Ulrich :-)

Russians tell aliens to suck on a fat one

Tzvetan Mikov

Only one meaning

Just a little more info on this exciting topic. Unlike "cock", "хуй" has only one meaning. It is meant to be a vulgar word in all contexts. Also, it means the same thing in other Slavic languages as well, so many peoples can now rejoice in seeing their favorite word in Yahoo maps!

Additionally, a very useful but often neglected property of this word is that it can be spelled in the Latin alphabet like this = "xyu", and thus cleverly disguised as a mathematical equation.

Counter Strike firm in credit card hack claim

Tzvetan Mikov

Valve never learns

Surely this is the first time they have been hacked? No? Somebody hacked their servers before and released the Half Life source on the net? :-)

It is touching to see how greatly Valve have improved their security after the first incident.

BTW, I have sworn to never use Valve products while they continue to _require_ an Internet connection for a single player game. You purchase a game, but you do not own it because it must be "activated" _periodically_ over the Internet.

Now I sure am glad that they don't have my credit card info on their servers :-)

Apache packages: creating a support vacuum

Tzvetan Mikov

Apache's layout

Part of the problem is that Apache's default layout is not very convenient, IMHO. Everything (html, configuration, log files) is in one directory under '/usr/local/apache'.

I expect configuration files to be under '/etc', logs to be in '/var/log', etc. '/usr' should be mountable as read-only. This makes backup and user permissions much easier, etc. It cleanly separates files which never change from ones which change more often and need to be editable by different groups of people.

There are other factors too. You need to be able to cleanly install Apache 1.3 and 2.0 at the same time, since 2.0 is not just an upgrade. This also requires some naming changes.

If you check the Wiki link about the different distribution layouts, you'll see that all of them (except Windows) change the default layout to more or less what I am describing above. Perhaps Apache should change the documentation to reflect the established practices.


Biting the hand that feeds IT © 1998–2021