
Insecurity blues: What I learned from my buggy code

Filed under
Software

It hasn't been a good month for my code. Samba, the project I'm responsible for, has had to announce several security flaws. Unfortunately some of them were in code I wrote. I always do a large amount of soul-searching whenever that happens. There's nothing worse than finding out something you were responsible for is the cause of many thousands of people having to waste their time rolling out patches. It always makes me wonder if the time has come to give up this programming lark and end my days peacefully in management, messing up other people's code instead of creating my own.

It's very educational, however, to look at the causes of the flaws and try to learn what we can from the bugs, and also from our reactions to them. Samba is an old program. The initial code was originally written 15 years ago. At that time, modern security problems such as integer wrap (where adding two numbers together can end up with a number smaller than both of them, due to the fixed sizes of integers that processors deal with), or heap overflow vulnerabilities (where overwriting unallocated memory on the program heap can allow a clever attacker to seize control of a program) were unheard of. We knew about buffer overruns (where reading more data into a buffer than was originally allocated for it can cause a security breach) and denial of service attacks, but 1992 was a simpler, less hostile time for network software development. Most initial deployments of Samba were on networks isolated from the main Internet, by technically advanced administrators who knew how to download the source code from the Internet.

More here
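As an added illustration of the integer-wrap problem the article describes (this is constructed example code, not from the article or from Samba): a bounds check on a network message's (offset, length) pair that can be made to pass by wrapping the sum, beside the hardened form that tests each operand before adding. The buffer size, function names and sample payloads are assumptions for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed example: a fixed receive buffer that a message asks us to
 * write a payload into at a claimed offset and length. */
#define BUF_SIZE 4096u
static unsigned char rx_buf[BUF_SIZE];

/* Vulnerable check: offset + len is computed first. With 32-bit unsigned
 * arithmetic the sum can wrap to a small number and pass the comparison
 * even though len alone is far larger than the buffer. */
int in_bounds_wrapping(uint32_t offset, uint32_t len)
{
    uint32_t end = offset + len;   /* may wrap modulo 2^32 */
    return end <= BUF_SIZE;
}

/* Hardened check: compare each operand against the remaining space so no
 * addition is ever performed on attacker-controlled values. */
int in_bounds_safe(uint32_t offset, uint32_t len)
{
    if (offset > BUF_SIZE)
        return 0;
    return len <= BUF_SIZE - offset;
}

/* Copies a payload into rx_buf only if the hardened check admits it.
 * Returns 1 when the copy happened, 0 when the message was rejected. */
int place_payload(uint32_t offset, const unsigned char *payload, uint32_t len)
{
    if (!in_bounds_safe(offset, len))
        return 0;
    memcpy(rx_buf + offset, payload, len);
    return 1;
}

int main(void)
{
    /* Constructed hostile header: offset 16, length 0xFFFFFFF0 (wraps to 0). */
    uint32_t off = 16, len = 0xFFFFFFF0u;
    printf("wrapping check admits it: %d\n", in_bounds_wrapping(off, len));
    printf("hardened check admits it: %d\n", in_bounds_safe(off, len));
    printf("legitimate message placed: %d\n",
           place_payload(4000, (const unsigned char *)"hello", 5));
    return 0;
}
```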
