FS drivers do not belong in privileged contexts. The FS driver for an untrusted FS should be executing in a context where it can do nothing worse than store or retrieve wrong data.
No, that's not what he means. He's saying that an external file system should have a sandboxed filesystem driver, so that exploiting a bug inside it doesn't immediately grant complete control over the entire system and at least requires privesc to escape (likely via the kernel).
Try reading the overview in events.linuxfoundation.org/wp-content/upl. Finding a Linux kernel vulnerability is not hard. Literally hundreds of bugs are found by syzkaller every month and many are not fixed. Most are memory corruption. There are simply too many to even fix all discovered bugs.
Yes, we don't need to debate the question "can people write memory safe code in C"; the answer is overwhelmingly obvious to almost all of us.
I think I could write a memory safe fizzbuzz in C
I once tried to write a C program doing *nothing*, still UB.