Slashdot Mirror


The Story of a Simple and Dangerous OS X Kernel Bug

RazvanM writes "At the beginning of this month, Mac OS X 10.5.8 closed a kernel vulnerability that lasted more than 4 years, covering all the 10.4 and (almost all) 10.5 Mac OS X releases. This article presents some Twitter-size programs that trigger the bug. The mechanics are so simple that they can be easily explained to anybody possessing some minimal knowledge about how operating systems work. Besides being a good educational example, this is also a scary proof that very mature code can still be vulnerable in rather unsophisticated ways."

2 of 230 comments

  1. Doesn't cause panic on 10.3.9 by noidentity · Score: 5, Interesting

    Sadly I couldn't get my Mac OS X 10.3.9 (PowerPC) machine to panic with the C code.

  2. Still get the kernel panic on Tiger by ygslash · Score: 5, Interesting

    Even after the recent security update on Tiger, I still get a kernel panic with the Python code supplied in TFA:


    import termios, fcntl
    fcntl.fcntl(0, termios.TIOCGWINSZ)

    Yeah, I'm planning to upgrade to Snow Leopard soon, after having skipped Leopard. But has Tiger already been abandoned to this extent?