Homeland Security Uncovers Critical Flaw in X11

Amy's Robot writes "An open-source security audit program funded by the U.S. Department of Homeland Security has flagged a critical vulnerability in the X Window System (X11) which is used in Unix and Linux systems. A missing parentheses in a bit of code is to blame. The error can grant a user root access, and was discovered using an automated code-scanning tool." While serious, the flaw has already been corrected.

Re:OpenBSD fixed on Jan. 21, 2000

[WilliamSChips]

Well, since with OpenBSD you can only use software from 2000, thats eems accurate.

False Alarm

[dfn5]

After Homeland Security discovered "xhost -" they issued this press release "Sorry, my bad".

Re:Missing *pair* of parentheses

[Edmund+Blackadder]

This helps illustrate the biggest problem I have with C (and most other modern languages). And that is that is that you can close your eyes, start banging on the keyboard and type in some random sequence of characters and it is very likely that it will get parsed and compiled and result in some kind of random program.

In other words, because there are so much abbreviations in C, any mistake usually results in syntaticaly valid but otherwise erroneous code.

Brevity is not the end all. A more verbose language (like Pascal) can be much more helpful by catching your typos before compiling.

Now I think I'm starting to understand.

[Allnighterking]

They are trying to find sufficient errors in Linux code to explain why they were the only group of people in the world who didn't know a major hurricane could cause the levies to break in New Orleans. (They may be on Windows, hard to tell as they use Akimai to ensure uptime)

Re:So does this mean?

[roman_mir]

Yeah, because Java doesn't have function pointers. - thank you, Dr. Obvious.