On Fri, Apr 25, 2008 at 10:17 PM, Jeff Morriss
<jeff.morriss.ws@xxxxxxxxx> wrote:
> Guy Harris wrote:
> > http://www.cs.berkeley.edu/~wychen/cs261/proposal.htm
>
> If Figure 1 is really a problem then my understanding of C just went out
> the window...
I wouldn't have got this by myself without the explanation but if you
read the code as:
typedef unsigned short uid_t;
void dowork(uid_t u);
int main() {
int x = read_from_network();
// Squish root (it's not safe to execute dowork() with uid 0)
if ( (x & 0x0000ffff) == 0) exit(1);
// ^^^^^^^^^^^^^
dowork(x);
}
you would have noticed the issue.
--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan