The Daily WTF: Curious Perversions in Information Technology

Linux kernel WTF

Last post 08-30-2008 4:25 PM by aquanight. 7 replies.
  • 08-29-2008 7:10 PM

    Linux kernel WTF

    From the menuconfig program of the Linux 2.0.40 kernel:
        const char *title = NULL;
    
    ... title gets pointed to something somewhere in here ...
    
        title[atoi(argv[offset+4])-4] = 0;
    
  • 08-29-2008 8:53 PM In reply to

    Re: Linux kernel WTF

    Carnildo:
    the Linux 2.0.40 kernel:

    Wow. That's a trip down memory lane...

  • 08-30-2008 4:29 AM In reply to

    • jpa

    Re: Linux kernel WTF

    I've never had menuconfig segfault on me, so apparently it works. Yeah, the code is overly complex and a bit unreadable, but that applies to a lot of old open-source C code.

    I also wouldn't consider menuconfig as a part of the kernel.

  • 08-30-2008 11:40 AM In reply to

    Re: Linux kernel WTF

    Unless there's some validation of the offset in the parameters list and limit check on the INT value of that parameter before this line it seems like you could pass in a parameter value that would unintentionally overwrite memory not related to the menu.  Pretty common looking C code, but still scary.

  • 08-30-2008 12:44 PM In reply to

    Re: Linux kernel WTF

    jpa:

    I've never had menuconfig segfault on me, so apparently it works. Yeah, the code is overly complex and a bit unreadable, but that applies to a lot of old open-source C code.

    I also wouldn't consider menuconfig as a part of the kernel.

    The compiler isn't doing its job if you think this works.  The definition is "const char *title," which means title is a pointer to a const string.  The assignment to title[offset] shouldn't be allowed at all.

    My compiler definitely objects: \const_test.cpp(12): error C2166: l-value specifies const object

    So, tell me again how this works?
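
    As an added example (not the menuconfig source and not any poster's code), the posted line reduced to a small C program that covers both jreasons68's point about the unchecked index and mrprogguy's point about the const pointer: unchecked_index computes the index exactly the way the thread's line does (atoi of an argument, minus 4), unchecked_write_clobbers_neighbor shows that write landing outside the title buffer, and truncate_title is a bounds-checked replacement that writes through a non-const buffer, which is what the compiler error in the post requires. The 32-byte buffer, the single-argument form (the original indexes argv[offset+4]), the adjacent "neighbor" bytes and the sample title are assumptions for illustration; the -4 adjustment is kept from the posted line.

```c
/* Added example, not code from the menuconfig source or from the thread.
 * Buffer size, argument layout and sample data are assumptions. */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TITLE_LEN 32   /* assumed size of the title buffer */

/* The index the posted line computes: atoi() of the argument, minus 4.
 * atoi() returns 0 for non-numeric input and gives no error for overflow,
 * so "abc" yields -4, "-1" yields -5 and large values yield anything. */
static long unchecked_index(const char *arg)
{
    return (long)atoi(arg) - 4;
}

/* Demonstrates the overwrite jreasons68 describes without undefined
 * behaviour: 'title' is the first TITLE_LEN bytes of a larger region and
 * the 16 bytes after it stand in for unrelated memory (the "neighbor").
 * The unchecked index is applied to the region the way the original line
 * applies it to title. Returns true if the NUL landed in the neighbor.
 * Indices outside the whole region are skipped so the demo stays in bounds;
 * in the original those would be a crash or a write somewhere else. */
static bool unchecked_write_clobbers_neighbor(const char *arg)
{
    char region[TITLE_LEN + 16];
    memset(region, 'A', sizeof region);

    long idx = unchecked_index(arg);
    if (idx < 0 || (unsigned long)idx >= sizeof region)
        return false;

    region[idx] = '\0';
    return memchr(region + TITLE_LEN, '\0', sizeof region - TITLE_LEN) != NULL;
}

/* Checked replacement: 'title' is writable (a write through 'const char *'
 * does not compile, as the thread notes), the argument must be a clean
 * decimal integer, and the resulting index must satisfy 0 <= n-4 < len
 * before the buffer is touched. On success stores the index in *out_idx. */
static bool truncate_title(char *title, size_t len, const char *arg, size_t *out_idx)
{
    char *end;
    errno = 0;
    long n = strtol(arg, &end, 10);
    if (errno == ERANGE || end == arg || *end != '\0')
        return false;               /* overflow, empty, or trailing junk */
    if (n < 4 || (unsigned long)(n - 4) >= len)
        return false;               /* index would fall outside title[0..len-1] */

    *out_idx = (size_t)(n - 4);
    title[*out_idx] = '\0';
    return true;
}

int main(int argc, char **argv)
{
    char title[TITLE_LEN] = "Kernel hacking options";   /* constructed sample */
    const char *arg = argc > 1 ? argv[1] : "10";
    size_t idx;

    printf("unchecked index for \"%s\": %ld (title buffer holds 0..%d)\n",
           arg, unchecked_index(arg), TITLE_LEN - 1);
    printf("unchecked write hits neighbor: %s\n",
           unchecked_write_clobbers_neighbor(arg) ? "yes" : "no");
    if (truncate_title(title, sizeof title, arg, &idx))
        printf("checked: wrote NUL at %zu -> \"%s\"\n", idx, title);
    else
        printf("checked: rejected \"%s\"\n", arg);
    return 0;
}
```

    Run it with an argument of 40 to see the unchecked index land past the end of the buffer while the checked version rejects it; strtol with the end-pointer and errno checks is the usual replacement for atoi when the value drives an index.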

  • 08-30-2008 2:17 PM In reply to

    Re: Linux kernel WTF

    mrprogguy:
    So, tell me again how this works?
    It works via a bug in an older version of GCC. To get it to compile under a current version, you need to modify the code, unless there's an option to turn the bugfix off that I haven't seen.

  • 08-30-2008 3:16 PM In reply to

    Re: Linux kernel WTF

    jreasons68:

    Unless there's some validation of the offset in the parameters list and limit check on the INT value of that parameter before this line it seems like you could pass in a parameter value that would unintentionally overwrite memory not related to the menu.  Pretty common looking C code, but still scary.

    If someone is in a position to recompile your kernel for you, you're pwned pretty hard anyway, regardless of an overflow in a (non-suid) build tool that's part of the process!

    (USER WAS BANNED FOR THIS POST)

  • 08-30-2008 4:25 PM In reply to

    Re: Linux kernel WTF

    tgape:
    mrprogguy:
    So, tell me again how this works?
    It works via a bug in an older version of GCC. To get it to compile under a current version, you need to modify the code, unless there's an option to turn the bugfix off that I haven't seen.
    -Dconst= I think should do it :).