Interesting new class of bugs I need to write about and report: select requires pointers to objects of type fd_set, but some programs including OpenSSH pass it a pointer to malloc'd memory sized only for nfds, not sizeof(fd_set).
any obvious remote security impact?
No, it's just a conformance bug that could trap or crash with heap corruption depending on POSIX implementation choices, not depending on attacker-controlled conditions.
However trying to be compatible with their hack precludes hardening of select against UB/overflows, so that could be seen as a security impact.
thanks. See, this (among other reasons) is why I follow you.
That's a broken select implementation. Might be a broken spec too.
It doesn't match the Linux syscall ABI that leaves flexibility for the userspace implementation to choose what FD_SETSIZE is, and thus it was promptly changed, but it's a perfectly valid implementation of the select function, which is a fundamentally broken API.
The reaction to "doing what the spec allows will break thousands of programs" isn't to change thousands of programs. Fix the spec.
It's really pointless because the only spec change made to select should be marking it obsolescent. It has way too many show-stopping problems, all solved by using poll instead.
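The following is an added example written for this page; it is not code from either conversation above, from OpenSSH, or from any libc. It makes the sizing point concrete: an fd_set allocated for nfds descriptors is smaller than the fd_set type, a conforming select() is entitled to touch the whole type, and poll() avoids the fixed-size bitmap altogether. The nfds-based arithmetic in fdset_bytes_for_nfds() is a reconstruction of the round-up-to-whole-words idiom the first thread describes, not OpenSSH's actual code; all function names are invented, the system is assumed to be POSIX, and the pipe scenario is constructed for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <limits.h>
#include <poll.h>
#include <stdlib.h>
#include <sys/select.h>
#include <sys/time.h>
#include <unistd.h>

/* Bytes a program ends up allocating when it sizes the set for nfds
   descriptors instead of for the fd_set type: nfds bits rounded up to
   whole words. (Reconstruction of the idiom, not any project's code.) */
size_t fdset_bytes_for_nfds(int nfds)
{
    size_t bits_per_word = CHAR_BIT * sizeof(long);
    return ((size_t)nfds + bits_per_word - 1) / bits_per_word * sizeof(long);
}

/* A conforming select() may read or write every byte of an fd_set, so the
   allocation must cover the full type regardless of nfds. */
int allocation_is_conforming(size_t bytes)
{
    return bytes >= sizeof(fd_set);
}

/* select() done the conforming way: full-size set, and the descriptor is
   range-checked before FD_SET, which would otherwise write past the bitmap.
   Returns 1 if fd is readable, 0 on timeout, -1 on error or out-of-range fd. */
int wait_readable_select(int fd, int timeout_ms)
{
    if (fd < 0 || fd >= FD_SETSIZE)
        return -1;
    fd_set *rset = calloc(1, sizeof(fd_set));   /* sized for the type */
    if (rset == NULL)
        return -1;
    FD_SET(fd, rset);
    struct timeval tv = { timeout_ms / 1000, (timeout_ms % 1000) * 1000 };
    int rc = select(fd + 1, rset, NULL, NULL, &tv);
    int ready = (rc > 0 && FD_ISSET(fd, rset)) ? 1 : (rc == 0 ? 0 : -1);
    free(rset);
    return ready;
}

/* poll() equivalent: one struct per descriptor, no FD_SETSIZE ceiling and
   nothing for the caller to size wrongly. Same return convention. */
int wait_readable_poll(int fd, int timeout_ms)
{
    struct pollfd p = { .fd = fd, .events = POLLIN, .revents = 0 };
    int rc = poll(&p, 1, timeout_ms);
    if (rc < 0)
        return -1;
    if (rc == 0)
        return 0;
    return (p.revents & POLLIN) ? 1 : -1;
}

/* Constructed scenario: a pipe checked before and after one byte is written.
   Returns 1 when both APIs agree (not readable, then readable), else 0/-1. */
int demo_pipe_readiness(void)
{
    int fds[2];
    if (pipe(fds) != 0)
        return -1;
    int empty_sel = wait_readable_select(fds[0], 0);
    int empty_poll = wait_readable_poll(fds[0], 0);
    int ok = -1;
    if (write(fds[1], "x", 1) == 1) {
        int full_sel = wait_readable_select(fds[0], 100);
        int full_poll = wait_readable_poll(fds[0], 100);
        ok = (empty_sel == 0 && empty_poll == 0 &&
              full_sel == 1 && full_poll == 1) ? 1 : 0;
    }
    close(fds[0]);
    close(fds[1]);
    return ok;
}
```

On a typical glibc or musl build, fdset_bytes_for_nfds(64) is 8 bytes while sizeof(fd_set) is 128, which is exactly the gap a select() implementation that walks the whole bitmap would overrun; sizing for FD_SETSIZE gives the same number as the type, which is why the nfds-sized allocation only looks correct. The poll() path has no such invariant to get wrong, which is the second thread's point.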