I only apply patches with Git (because it's just easier!), which was why this didn't execute on my system. I spotted this on Tuesday but didn't mention it because I thought it was yet another part of the joke :/ https://twitter.com/RichFelker/status/981923832654163968 …
-
Yeah, the ideal solution would be disabling Ed patches completely (unless you explicitly use the `-e` option). Hence why I said "at the very least" as opposed to "it should be sufficient" :)
-
OpenBSD addressed this issue with patch(1) and ed(1) a while back https://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/013_patch.patch.sig …
-
I think I would feel safer if GNU Patch didn't call Ed at all. (I don't have Ed installed anyway, but still).
-
At the very least, this (with `-r`) is better than code execution. But, IIRC, there is a BSD Ed without `-r`, so this won't be a solution. pic.twitter.com/GBl88IuYpd
-
That should say "trivial code execution". Anyway, I'm going to try and disable switching to Ed mode without the command line argument.
-
The question may want to explicitly say that it can run arbitrary code.
-
Now you just need to send GNU a patch that exploits arbitrary code execution to actually rewrite it in Rust.
-
But, in all seriousness... https://twitter.com/spudowiar/status/981943026737131520 …
-
I recall the MKS ed (1990s) was eight bit clean and was reviewed again when the i18n support was added. I'd be surprised if GNU ed or other OS versions had such mistakes. An ed impl. isn't rocket science compared to vi.
-
Being "8-bit clean" doesn't have much to do with whether it's using the wrong types for buffer size/position arithmetic and allocations... These kinds of errors are extremely common in old codebases.
-
So much code uses int where it means/needs size_t, and performs arithmetic on sizes and positions without first checking for overflow.
-
I know. I've written an editor or two in C in the past. Lots of potential gotchas. But those pitfalls are not exclusive to old code; lots of new code too, like prototypes that then become full projects, can often make those mistakes.
-
Rewrite it in Rust *ducks for cover*
-
I just might. I've been learning Rust in recent months. I like that it has no NULL.
-
FYI: OpenBSD's ed(1) dropped support for "-r" / red. https://twitter.com/OpenBSD_src/status/470020172451835905 …
-
ed is part of the core #OpenBSD system. I'd be really surprised if it hasn't been audited there.