Nice analysis of the High Sierra root exploit: objective-see.com/blog/blog_0x24
Some blame the programmer and/or QA, but the problem was an unchecked pass-by-ref in a function that looks like it should return its result. Once again, the real culprit is a dangerous programming language.
That isn't my reading of this at all. They were checking the return value -- not a variable that was passed by reference, which they ought to have been checking instead of (or as well as) the return value. AFAICT, "unchecked" means they simply omitted to write code to check it.
Character limits and all that, but by "unchecked" I meant literally "not checked".
It's still a language problem. Pass-by-ref is often (and certainly in this case) a workaround for lack of multiple return. In Go/Rust you get multi-return *and* all results must be used.
Of course C was the right choice at the time and still is given the daunting migration cost at this point, but so many security issues are the result of problems that a more modern language wouldn't allow. Humans are fallible and our tools should help us avoid mistakes.
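The out-parameter pattern the thread is arguing about, reproduced as an added Go example (not code from the linked analysis, and not the actual macOS code; the credential store, user name and password are constructed for illustration). It shows why a verdict written through a pointer is invisible to the compiler while a verdict returned as a value is not: `var ok bool; f(&ok)` compiles even if `ok` is never read, whereas `ok, err := g()` with `ok` unread is rejected as "declared and not used". The "buggy" caller below is the defect class, kept deliberately so the contrast is visible.

```go
package main

import (
	"crypto/subtle"
	"errors"
	"fmt"
)

// ErrLookupFailed is returned when the user record cannot be found.
var ErrLookupFailed = errors.New("credential lookup failed")

// store is a constructed toy credential table (plaintext only to keep the
// example short; a real store would hold salted hashes).
var store = map[string]string{"alice": "correct horse"}

// verifyByOutParam mirrors the C idiom: the return value reports only whether
// the lookup ran, and the actual verdict is written through the pointer.
func verifyByOutParam(user, password string, ok *bool) error {
	stored, found := store[user]
	if !found {
		return ErrLookupFailed
	}
	*ok = subtle.ConstantTimeCompare([]byte(stored), []byte(password)) == 1
	return nil
}

// loginOutParamBuggy checks the error but never reads the out-parameter, so a
// wrong password is treated as success. Taking &ok counts as a "use", so the
// compiler has nothing to say about it.
func loginOutParamBuggy(user, password string) bool {
	var ok bool
	if err := verifyByOutParam(user, password, &ok); err != nil {
		return false
	}
	return true // verdict in ok silently ignored
}

// loginOutParamFixed checks both the error and the out-parameter.
func loginOutParamFixed(user, password string) bool {
	var ok bool
	if err := verifyByOutParam(user, password, &ok); err != nil {
		return false
	}
	return ok
}

// verifyMultiReturn returns the verdict as a value. A caller that binds it and
// then forgets to read it fails to compile; discarding it needs an explicit `_`.
func verifyMultiReturn(user, password string) (bool, error) {
	stored, found := store[user]
	if !found {
		return false, ErrLookupFailed
	}
	return subtle.ConstantTimeCompare([]byte(stored), []byte(password)) == 1, nil
}

// loginMultiReturn accepts only when lookup succeeded and the verdict is true.
func loginMultiReturn(user, password string) bool {
	ok, err := verifyMultiReturn(user, password)
	return err == nil && ok
}

func main() {
	fmt.Println("out-param, buggy caller, wrong password:", loginOutParamBuggy("alice", "wrong"))
	fmt.Println("out-param, fixed caller, wrong password: ", loginOutParamFixed("alice", "wrong"))
	fmt.Println("multi-return, wrong password:            ", loginMultiReturn("alice", "wrong"))
	fmt.Println("multi-return, correct password:          ", loginMultiReturn("alice", "correct horse"))
}
```

The practical takeaway for review: whenever a function both returns a status and writes a result through a pointer, the caller must be read twice, once for each channel; a multi-return signature collapses both into one place the compiler can see.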