Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Thursday September 06 2018, @03:28PM   Printer-friendly
from the Security-is-hard,-mmmmkay? dept.

Back when Intel introduced the 80286, they didn't quite document everything right away. Errata were needed. Then the 80386 changed things. And then someone convinced them to add just one more feature at the last minute, which didn't get documented properly again.

The History of a Security Hole takes a look at the problems introduced by the I/O Permission Bitmap (IOPB) in the 80286, and how fallout from the implementation caused a security hole in all versions of OpenBSD up to 6.3 and NetBSD up to 4.4.

Conclusion? This programming thing is hard.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 3, Interesting) by Anonymous Coward on Thursday September 06 2018, @05:11PM (1 child)

    by Anonymous Coward on Thursday September 06 2018, @05:11PM (#731402)

    What if different compilers pack your structs differently? ... Or was there some standard I was not aware of which compilers conformed to?

    Well, the C standard is clear: leaving aside bit-fields which have different rules, implementations are free to add any amount of padding after any member of a structure.

    However the C standard is not the only document that matters when implementing a C compiler. In reality most platforms have an ABI specification that details exactly how C structures should be represented in memory, and C compilers for a particular platform will normally follow that specification by default. Such a specification is essential for libraries built using one C compiler to interoperate with code using a different compiler.

    Starting Score:    0  points
    Moderation   +3  
       Interesting=2, Informative=1, Total=3
    Extra 'Interesting' Modifier   0  

    Total Score:   3  
  • (Score: 2) by DannyB on Thursday September 06 2018, @05:51PM

    by DannyB (5839) Subscriber Badge on Thursday September 06 2018, @05:51PM (#731419) Journal

    Dang! That would frustrate cross platform compatibility.

    Too bad they didn't think of having a standard switch to specify packing to either Platform ABI conventions, or C Language Standard conventions. (And then actually have a language standard spec.)

    Then the software author could specify which packing convention was intended. A cross platform packing convention might be good for wire protocols and such. While platform standards might be good for interoperability between libraries, multiple compilers whose code is linked together, and possibly even hardware on that platform. An OS could specify structs and all compilers would understand it the same way. A wire protocol could specify a struct and all compilers could understand it the same way.

    Then someone could come along and say:

    #define struct union

    To achieve maximal efficient packing.

    --
    People today are educated enough to repeat what they are taught but not to question what they are taught.