The Story of a Simple and Dangerous OS X Kernel Bug
RazvanM writes "At the beginning of this month the Mac OS X 10.5.8 update closed a kernel vulnerability that lasted more than 4 years, covering all the 10.4 and (almost all) 10.5 Mac OS X releases. This article presents some twitter-size programs that trigger the bug. The mechanics are so simple that they can be easily explained to anybody possessing some minimal knowledge about how operating systems work. Besides being a good educational example, this is also a scary proof that very mature code can still be vulnerable in rather unsophisticated ways."
Sadly I couldn't get my Mac OS X 10.3.9 (PowerPC) machine to panic with the C code.
Even after the recent security update on Tiger, I still get a kernel panic with the Python code supplied in TFA:
import termios, fcntl
fcntl.fcntl(0, termios.TIOCGWINSZ)
Yeah, I'm planning to upgrade to Snow Leopard soon, after having skipped Leopard. But has Tiger already been abandoned to this extent?
I've met my share of code with the warning "There be dragons!".
The word "fuck" in the comments is a much better metric. If it's more than one for the same function, it's time to pay attention.
Well, it has lasted for decades, although bugs have been found (which is rather the point, and how something achieves maturity; code doesn't become mature by sitting untested). Mac OS X is a linear descendant of NeXTSTEP. Development is now 25 years old, and some bits of the kernel date back to earlier BSD and CMU Mach projects. The last bits of the kernel I read had comments date-stamped 1997, and these were commenting on modifications to older code.
I am TheRaven on Soylent News
Could that have something to do with the fact that the vulnerability reports for OS X include tons of third-party stuff (including Java or things that aren't used by default), which those for Windows don't?
Lars T.
To the guy who modded me down from perfect to terrible Karma - Apple haters still suck