All versions of Linux kernel vulnerable to remote code execution because use-after-free

If it was that easy, how come you never submitted a patch to the kernel before this?

Because I have a real job.

Sure you do. Keep coping.

Lol

Maybe you'd understand if you'd learn some proof based mathematics.

Thanks for the heads up OP. Already patched

News flash: software developers suck at basic linear algebra.

I mean, there is nothing stopping you from efficient code in some ass-fisting language such as agda.

yodaiken.com/2018/06/07/torvalds-on-aliasing/
Daily reminder it's impossible to use C correctly, even Linus doesn't understand the standard and advocates for ignoring it, basically inviting UBs and subtle bugs:
> Don't tell me "the C standard is unclear". The C standard is _clearly_ bogus shit (see above on strict aliasing rules), and when it is bogus garbage, it needs to be explicitly ignored
> The standard simply is not *important*, when it is in direct conflict with reality and reliable code generation.
> I've said this before, and I'll say it again: a standards paper is just so much toilet paper when it conflicts with reality. It has absolutely _zero_ relevance. In fact, I'll take real toilet paper over standards any day, because at least that way I won't have splinters and ink up my arse.
No, you can either support him, basically turning gcc with a set of the compiler options into the de-facto C standard, but then it's no better than other languages without a standard and you're a hostage of the horribly maintained project gcc is. Or you can argue against him, but then you have to somehow show that competent C programmers even exist, because the most famous C programmer in the world is clearly incompetent.

-re
Dare you to exploit this "insecurity"

Based

>arguing in favor of standards somehow means showing competent C programmers exist

>showing that a good C programmer exists means you prove standards are a good
No wonder you don't understand C, with this level of logic you might as well just program in scratch.

No one understands C.

>the horribly maintained project gcc is.
it is the best compiler around though

So C is on the same level as QM?

People at hedge funds do. They aren't your average code monkeys who suck at math though.

I'd prefer my fuckups to be my own, not the compiler's. But that's just me.

News flash: linear algebra has nothing to do with null pointers or kernel development.

Damn that's not cool.

diff --git a/crypto/af_alg.c b/crypto/af_alg.c
index 17eb09d222ff..ec78a04eb136 100644
--- a/crypto/af_alg.c
+++ b/crypto/af_alg.c
@@ -122,8 +122,10 @@ static void alg_do_release(const struct af_alg_type *type, void *private)

int af_alg_release(struct socket *sock)
{
- if (sock->sk)
+ if (sock->sk) {
sock_put(sock->sk);
+ sock->sk = NULL;
+ }
return 0;
}
EXPORT_SYMBOL_GPL(af_alg_release);

std::move could have fixed this.

Was it fixed in 4.20.11? It says "affects only versions up to 4.20.10", so 5.0 is probably safe.

>he says when he can't provide evidence of his claims
Faggot

It does when the programmer fails to keep something within bounds. And to be more general: it's the higher level abstractions that are created from algebras that do.

>It does when the programmer fails to keep something within bounds.
Literally "stuff withing bounds" is not the subject of study of linear algebra.

>And to be more general: it's the higher level abstractions that are created from algebras that do.
There are so many abstractions that don't fall under the term "algebra". Classes from any oop language are not an algebra. Turing machine is an abstraction over computational machines, yet it is not an algebra. Or Moore Machine. Or graphs. Or literally any fucking thing.

The nigger didn't even write his own bootloader. Who gives a shit what he thinks.

The nigger didn't even write his own office suite. Who gives a shit what he thinks.

B-but the kool kids on irc told me that's b-bloat...

>c++
>bloat
in what universe

In the real world.

harmful.cat-v.org/software/

Attached: Untitled.png (917x849, 59K)

that list is retarded

>freebsd is harmful
>openbsd is not harmful
Pretty much only thing I agree on

You do realize that list is linked straight from suckless.org right?

>I had a nightmare once in which I a had convinced a friend how wonderful C++ is. A while later he came back., and he was mad.[sic]
>— Robin Rosenberg [groups.google.com/[email protected]]
>Every language has an optimization operator. In C++ that operator is ‘//’
harmful.cat-v.org/software/c /

Attached: Untitled2.png (1026x1416, 145K)

doesn't make it less retarded

Don't really care about the rest of the list right now.

My point is entirely against C++.
>I invented the term Object-Oriented, and I can tell you I did not have C++ in mind. – Alan Kay

Attached: stl.jpg (600x800, 100K)

okay, how does his opinion make software written in c++ bloated?

I pick assembly
>light, secure and fast

Oh oh! I have a bunch of quotes already for that!

>C++ is like jamming a helicopter inside a Miata and expecting some sort of improvement. – Drew Olbrich
>If you think C++ is not overly complicated, just what is a protected abstract virtual base pure virtual private destructor and when was the last time you needed one? – Tom Cargill
>It has been discovered that C++ provides a remarkable facility for concealing the trival details of a program – such as where its bugs are. – David Keppel
>To me C++ seems to be a language that has sacrificed orthogonality and elegance for random expediency. – Meilir Page-Jones
>Whenever the C++ language designers had two competing ideas as to how they should solve some problem, they said, “OK, we’ll do them both”. So the language is too baroque for my taste. – Donald E Knuth
>Within C++, there is a much smaller and cleaner language struggling to get out. – Bjarne Stroustrup
>All new features added to C++ are intended to fix previously new features added to C++ – David Jameson
>C++: glacial compiles, insane complexity, impenetrable errors, laughable cross-platform compat, basically useless tools. – Aaron Boodman
>C++ is more of a rube-goldberg type thing full of high-voltages, large chain-driven gears, sharp edges, exploding widgets, and spots to get your fingers crushed. And because of it’s complexity many (if not most) of it’s users don’t know how it works, and can’t tell ahead of time what’s going to cause them to loose an arm. – Grant Edwards
>C++: an octopus made by nailing extra legs onto a dog. – Steve Taylor
>I believe C++ instills fear in programmers, fear that the interaction of some details causes unpredictable results. Its unmanageable complexity has spawned more fear-preventing tools than any other language, but the solution should have been to create and use a language that does not overload the whole goddamn human. – Erik Naggum

Imagine being a seething brainlet pajeet who collects c++ quotes lmao. Still not an argument, though.

Attached: proxy.duckduckgo.png (867x609, 295K)

If you look closely and read the quotes you will notice the quotes paint a picture of C being overly complex, bloated and that is a detriment to programs written in it. This 'picture', has a name. A point. A point which answers your previous question.

>notice the quotes paint a picture of C being overly complex
AHAHA
you don't even know the difference between c++ and c
absolute fucking brainlet

>standards can't be wrong
Brainlet

Ah, I have a quote for that!

>If you think C++ is not overly complicated, just what is a protected abstract virtual base pure virtual private destructor and when was the last time you needed one? – Tom Cargill

well memed my friend
dont bother (You)`ing me because i`m off to bed
good night!

So by your own logic standard C itself is wrong. Glad we finally sorted that out.

How is copypasting a million retarded quotes an argument?
C++ is a deeply flawed language, that's no secret, but it's overall objectively better than the pile of shit that C is. Not to mention that problems with C++ are due to the goal of compatibility with C.
Even Suckass fags deep down think so.
Don't believe me? Take a look at dwm's source code. It's literally emulating OOP all over the place.
Facts speak louder than any meme quote.

he is an obvious troll, don't feed him

>In the Linux kernel through 4.20.10, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr.
Why isn't there something like a "free_s(void **ptr)" that sets the pointer to null after freeing it?

The C standard gets fixes and changes all the time, I heard that they're deprecating Annex K in a future revision

Oh, here's some bedtime reads for you then.

yosefk.com/c fqa/index.html
Ex:
yosefk.com/c fqa/defective.html
yosefk.com/c fqa/operator.html (myself, I cannot stand the way > is used on on print statements, it's an insult).

rachelslabnotes.com/2009/10/the-hidden-cost-of-c/
250bpm.com/blog:4
250bpm.com/blog:8
gigamonkeys.wordpress.com/2009/10/16/coders-c-plus-plus/
jonathanwhiting.com/writing/blog/games_in_c/
esr.ibiblio.org/?p=532
fefe.de/c /c++-talk.pdf
www-cs-students.stanford.edu/~blynn/c/cpp.html
securityfocus.com/blogs/238
scs.stanford.edu/~dm/home/papers/c -new.html
assoc.tumblr.com/post/411601680/performance-of-stl-vector-vs-plain-c-arrays
assoc.tumblr.com/post/459536318/weakness-of-stl-over-plain-c-types
groups.google.com/forum/#!msg/comp.lang.lisp/7xCvdzijzgU/4xCFzLc3d5EJ
groups.google.com/forum/#!msg/comp.lang.c .moderated/AETl35wS3uQ/ZsogoxSoFtwJ

I'm a chef at wendy's, how's that for cope?

>esr

Attached: 1550683853006.jpg (500x641, 45K)

How dare you Sir?
harmful.cat-v.org/software/OO_programming/

>Another part of the fault must be laid to the failure of OO itself to live up to expectations. We examined this problem in Chapter 4, observing the tendency of OO methods to lead to thick glue layers and maintenance problems. Today (2003), inspection of open-source archives (in which choice of language reflects developers' judgments rather than corporate mandates) reveals that C++ usage is still heavily concentrated in GUIs, multimedia toolkits and games (the major success areas for OO design), and little used elsewhere.

>It may be that C++'s realization of OO is particularly problem-prone. There is some evidence that C++ programs have higher life-cycle costs than equivalents in C, FORTRAN, or Ada. Whether this is a problem with OO or specifically with C++ or both remains unclear, though there is reason to suspect both are implicated [Hatton98].
catb.org/~esr/writings/taoup/html/ch14s04.html#cc_language

Attached: OO.png (970x487, 42K)

Anyone who legitimately likes the C++ standard right now are as deranged as C users. Everyone who uses C++ says the exact same thing. "I wish the language wasn't bloated"
That don't make C garbage for any modern nontrivial piece of software

Really, there isn't any good alternative to C for its use case. Making hardware level abstractions.
There also isn't any good alternative to C++ for its use case. Generating complex software that need performance, fast development time, and require teams of engineers

Anyone who tells you otherwise is a toe jam eating faggot

Some of the articles I posted above referred to using C exactly for complex software that needed performance over C++.

Even worse is being one of those autists that tries to classify what they perceive as fallacies.

Any programming language can be "insecure". Blaming C for being more "insecure" than other languages is bullshit.

Because then you'll get null pointer dereference instead of use after free.

Yeah blame c for security issues when system d is in linux

Musl libc affected?

lmao, coping cnile

and that'd be better
a pointer being set to NULL typically means it's value is undefined, which is easy to check
even if they just set the pointer to NULL and neglected to implement the necessary safety checks, it still wouldn't provide an avenue for kernel RCE.
this recent Jow Forums meme about null pointer dereferences is so fucking dumb.

OOP is better than clusterfuck of free function
Rust >= C++ >> C

Prove me wrong
Protip: You can't

Use whatever language you like

Prove me wrong
Protip: You can't

>15+ million line of code program where thousands of people contribute to it including big corporations who hire god-knows-who to develop shit
>there are bugs
wow guys we should really stop using c, it clearly causes bugs

Yeah but the code in sockfs_setattr presumably checked if the pointer is null, saw that it is not, and dereferenced it, based on the bug description.

>it still wouldn't provide an avenue for kernel RCE
Wrong, see lwn.net/Articles/342330/

>absolute state of Jow Forums
what else are people supposed to write a kernel in, fucking javascript?

>c++
>fast developement time
if you do nothing but import and chain premade libraries like the average pythonlet maybe

There are other languages besides JavaScript and C, user.

HolyC

Nice, pdf is harmful, doesn't even say shit about docx

>Confidentiality (C): High
what?

Nope

R, more like huRRRRRR

It's all relative. Faster than C that's for sure

C isn't inherently insecure.
But you are inherently retarded.
Literally retarded.
Just because linus doesn't like the strict aliasing rules doesn't mean that it's not possible to write perfectly working code without disabling them.
I like how sepples fags think their woefully over-engineered attempt at trying to keep their poorly designed abstractions performant is somehow a fix to every problem.
Abortion could have prevented you from posting this.
>OOP is better than clusterfuck of free function
Bait.
It depends on a lot of factors and claiming that development time in any language is faster "overall" than any other language is a lie.
Additionally, "development time" is a useless measure, the real measure is of development and subsequent maintenance time. It's all a cost. If you can develop something in 5 minutes but need to spend a month maintaining it constantly because of issues and then a year passively maintaining it then it is worse than spending a month developing something if you then only need 6 months of passive occasional maintenance work.
In general, the speed of development of a language doesn't matter if you need to produce something which runs long term.

Linear types could have prevented this

ЯIIR

>Bait.
It's not, that's why non trivial C projects poorly implements object model system. See Linux

>C isn't inherently insecure.
C is an obsolete and error prone tool

>CIDF speaks up
It's ok, grandpa, go to bed.

Attached: 120115_baby_boomers_stereotypes-694x405.jpg (694x405, 42K)

C is simple, not obsolete.
It's faster than any "secure" language and to be anywhere as fast as C, other languages have to strip their "securities".

R is a nice language

Whatever helps you sleep at night, grandpa.

Attached: Screenshot_2019-02-21 Which benchmark programs are fast Computer Language Benchmarks Game.png (664x391, 42K)

>Show exactly what I'm talking about in an image
>G-g-got him
Good job on being retarded.

> Rust is as fast as C
> This is exactly what I'm talking about!

>As fast as C
>When stripped of it's safety
Yup, sure is.

it actually is though

Only 3 out of 10 Rust implementations use unsafe, and only for calling simd intrinsics, not to compromise the memory or thread safety.

C is a sad language, but when you're writing a kernel would you rather write the entire thing in Assembly, or C? (C++ and Rust is complete trash for this kind of shit)

Rust can strip all of it's securities, they are not mandatory. You can write Rust just as if you were to write C and you get about as much security in Rust as in C.
Rust is universal language that tried to be everything.
Only difference is you don't have to cast malloc, Rust casts it for you if you don't want to cast it, tough shit.