User: Password:
|
|
Subscribe / Log in / New account

Fun with NULL pointers, part 1

Fun with NULL pointers, part 1

Posted Jul 21, 2009 9:56 UTC (Tue) by nix (subscriber, #2304)
In reply to: Fun with NULL pointers, part 1 by cortana
Parent article: Fun with NULL pointers, part 1

The concern isn't just that the vulnerability surface has increased: it's that we can't even easily tell what it is anymore.

Determining the set of privileged code that could carry out operations on behalf of unprivileged users was fairly simple in the days before PolicyKit: find setuid/setgid binaries, chase their shared library dependencies and (if you're paranoid) see what they can dlopen(). Just a grep away, in any case.

Now, we have to analyze the dbus and PolicyKit policies as well, and XML is... not terribly amenable to analysis with Unix-style shell tools. (Some Perl packages come with XML-style XPath-based grep tools, but they are a) rarely installed and b) seriously cumbersome. We really need an awk for XML.)


(Log in to post comments)

Fun with NULL pointers, part 1

Posted Jul 21, 2009 12:52 UTC (Tue) by nim-nim (subscriber, #34454) [Link]

> We really need an awk for XML.

Just use xsltproc directly (though not having to use a detached xslt file would be nice)

Fun with NULL pointers, part 1

Posted Jul 22, 2009 22:00 UTC (Wed) by nix (subscriber, #2304) [Link]

Ew, no. Utterly un-awklike and doing awk-like transformations with XSLT is
really quite painful. (And yes, you can do awklike languages for things
other than text streams: see gvpr(1) for example.)

(One of many problems is XSLT's heavy use of <>, which makes it very
annoying to use from the shell prompt. Another is its astonishing
verbosity. Another is its total lack of good taste in design... also the
functional nature of it, while one of its nicer aspects, fits very badly
with the shell in my experience.)

Fun with NULL pointers, part 1

Posted Jul 21, 2009 14:01 UTC (Tue) by gmaxwell (guest, #30048) [Link]

Poliykit plays a role: If you go look at the discussions on the fedora list you'll see that there was some degree of argument what the actual behaviour was— Was it asking for a password at all (some people thought it wasn't because it only did so once) and was it asking for the root password? A lot of people had used and never realized that it was asking for their user password rather than root.

SUID is more unambiguous.

xml awk

Posted Jul 22, 2009 7:08 UTC (Wed) by Frej (subscriber, #4165) [Link]

xml awk

Posted Jul 22, 2009 11:18 UTC (Wed) by nix (subscriber, #2304) [Link]

That looks nice. Not very awkish though...


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds