Nice analysis of the High Sierra root exploit: objective-see.com/blog/blog_0x24
Some blame the programmer and/or QA, but the problem was an unchecked pass-by-ref in a function that looks like it should return its result. Once again, the real culprit is a dangerous programming language.
That isn't my reading of this at all. They were checking the return value -- not a variable that was passed by reference, which they ought to have been checking instead of (or as well as) the return value. AFAICT, "unchecked" means they simply omitted to write code to check it.
Character limits and all that, but by "unchecked" I meant literally "not checked".
It's still a language problem. Pass-by-ref is often (and certainly in this case) a workaround for lack of multiple return. In Go/Rust you get multi-return *and* all results must be used.
Color me unconvinced. By that standard, Python is dangerous.
I think that the lessons of "No Silver Bullet" remain true today. Focus on reducing essential complexity, because there is far more of that than incidental complexity. Rust may be a fine language; that's another story.

