33-Year-Old Unix Bug Fixed In OpenBSD

← Back to Stories (view on slashdot.org)

33-Year-Old Unix Bug Fixed In OpenBSD

Posted by kdawson on Tuesday July 8, 2008 @12:10PM from the yet-another-stack-overflow dept.

Ste sends along the cheery little story of Otto Moerbeek, one of the OpenBSD developers, who recently found and fixed a 33-year-old buffer overflow bug in Yacc. "But if the stack is at maximum size, this will overflow if an entry on the stack is larger than the 16 bytes leeway my malloc allows. In the case of of C++ it is 24 bytes, so a SEGV occurred. Funny thing is that I traced this back to Sixth Edition UNIX, released in 1975."

23 of 162 comments (clear)

Min score:

Reason:

Sort:

Time to patch by Anonymous Coward · 2008-07-08 12:12 · Score: 5, Funny

Wouldn't want to let anyone take over your system with yacc. Seriously.
1. Re:Time to patch by slew · 2008-07-08 12:15 · Score: 5, Funny
  
  Wouldn't want to let anyone take over your system with yacc. Seriously.
  But ./ is already taken over with yak. Seriously.
2. Re:Time to patch by Anonymous Coward · 2008-07-08 12:28 · Score: 4, Funny
  
  Who cares about OpenBSD yacc? BSD is dying and Netcraft confirms it. The world has moved to GNU/Linux and Bison.
3. Re:Time to patch by msuarezalvarez · 2008-07-08 15:07 · Score: 3, Funny
  
  So you are including bison in your own apps and its `bloatedness' becomes a problem? Maybe you should read the manpage...
4. Re:Time to patch by setagllib · 2008-07-08 16:47 · Score: 3, Funny
  
  Ah, but it would be written as a J2EE application. And the input wouldn't be .y, it'd be an XML document. And the output wouldn't be C, it'd be another XML, passing through a terabyte of XSLT. Then you pass this compiled parser XML, only a gigabyte in size, and your language file to a parser web service and it returns even more XML representing the parse tree.
  Ahh, progress.
  
  --
  Sam ty sig.
5. Re:Time to patch by TapeCutter · 2008-07-08 21:43 · Score: 4, Funny
  
  Great post, I'm still laughing as I type.
  
  Speaking of old bugs the guy who sits next to me at work hooked a 15yo mainfame bug a few months back. His stock comment whenever someone mentions it is: "Three more years and that one would have been old enough to vote!"
  
  --
  And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
From back when by Yold · 2008-07-08 12:13 · Score: 4, Funny

Unix beards were Unix stubble
bad omen by spir0 · 2008-07-08 12:17 · Score: 4, Funny

a 33 year old bug, plus a 25 year old bug (http://it.slashdot.org/article.pl?sid=08/05/11/1339228)....
if we keep going backwards, will the world implode? or will daemons start spewing out of cracks in time and space?

--
The reason girls and Windows users don't understand UNIX is because all the documentation is in Man files.
1. Re:bad omen by je+ne+sais+quoi · 2008-07-08 12:30 · Score: 4, Funny
  
  Nah! What this means is that they are fixing bugs faster than they're making new ones. If they weren't, they'd spend all their time chasing the newest ones. :)
  
  --
  Gentlemen! You can't fight in here, this is the war room!
2. Re:bad omen by exley · 2008-07-08 12:41 · Score: 5, Funny
  
  a 33 year old bug, plus a 25 year old bug (http://it.slashdot.org/article.pl?sid=08/05/11/1339228)....
  if we keep going backwards, will the world implode?
  Well since time began only 38.5 years ago we should find out the answer very soon!
3. Re:bad omen by Dunbal · 2008-07-08 14:03 · Score: 3, Funny
  
  or will daemons start spewing out of cracks in time and space?
  I finally figured out what the UAC were doing on the Mars colony... and it had nothing to do with those artifacts!
  Thank god there's a division of Space Marines there...
  
  --
  Seven puppies were harmed during the making of this post.
4. Re:bad omen by Dunbal · 2008-07-08 14:05 · Score: 4, Funny
  
  It's just as possible people are wasting time fixing unimportant issues and ignoring more important ones.
  We're talking programmers here, not politicians...
  
  --
  Seven puppies were harmed during the making of this post.
5. Re:bad omen by cryptoluddite · 2008-07-08 15:34 · Score: 2, Funny
  
  Well since bugs before the epoch were actual insects, judging by past precedent they'll get super powers... like wall-climbing ability or maybe spidey senses ??
6. Re:bad omen by menace3society · 2008-07-08 16:02 · Score: 4, Funny
  
  The next bug will be in Boolean logic. After that, OpenBSD devs will start fixing structural engineering errors the Tower of Pisa.
7. Re:bad omen by Jurily · 2008-07-08 19:21 · Score: 4, Funny
  
  Sure. Break malloc even worse to allow for backwards compatibility.
  See "Windows 95".
8. Re:bad omen by laejoh · 2008-07-08 20:58 · Score: 3, Funny
  
  In exactly 3.5 years , but I'm afraid the answer will disappoint you.
Re:Great! by The+Master+Control+P · 2008-07-08 12:39 · Score: 5, Funny

I too was devastated to learn that my poor Linux box can only handle 128KB of command line arguments. How can I possibly finish typing in that uncompressed bitmap...
Re:Was it really a bug back then? by russlar · 2008-07-08 14:18 · Score: 5, Funny

If you overflow a buffer then it's a bug, whether it is exploitable or not.
If you can overflow an exabyte-sized memory buffer, you deserve a fucking medal.

--
Anybody want my mod points?
Re:Great! by menace3society · 2008-07-08 16:10 · Score: 4, Funny

Burn the contents of the tar archive onto a CD. Mount the CD over the original directory structure. Use find(1)'s -fstype option to locate all the files that aren't on the CD, copy them to an empty disk image, then eject the CD. Remount the disk image over the original directory, delete all the files in the directory, then unmount the disk image. The files identical in name to those that were on the disk image (which are those that weren't on the CD) won't be deleted thanks to the peculiarities of mount(2).
You're welcome.
Hilarious! by BollocksToThis · 2008-07-08 17:06 · Score: 5, Funny

Funny thing is that I traced this back to Sixth Edition UNIX, released in 1975
My sides are completely split! Invite this guy to more parties.

--
This sig is part of your complete breakfast.
Re:Was it really a bug back then? by AJWM · 2008-07-08 18:15 · Score: 4, Funny

/*Where's my medal?*/
You'll get it when the buffer overflows. If you're running it on a system that processes a billion of those loops per second, that should be in a bit over 31 years. Scale accordingly for your processor and memory speed.

--
-- Alastair
Re:Great! by MBGMorden · 2008-07-09 01:31 · Score: 2, Funny

You forgot "Er.". All Linux advice must contain "Er." at the beginning of the first sentence in order to signify the fact that the poster should have already known how to do this rather than asking this question.

--
"People who think they know everything are very annoying to those of us who do."-Mark Twain
Re:Great! by maztuhblastah · 2008-07-09 02:39 · Score: 3, Funny

So Saturdays at your house must be a real blast, huh?

--
The real litigious bastards...