Czytam o nowym bugu w kernelu: https://blog.qualys.com/vulnerabilities-threat-research/2021/07/20/sequoia-a-local-privilege-escalation-vulnerability-in-linuxs-filesystem-layer-cve-2021-33909
W skrócie: size_t
przekazali do funkcji akceptującej int
i jest root. W Rust tak się nie da bez jawnej konwersji, tymczasem w C:
lw@linux-mint-desktop /tmp> cat a.c
#include <stddef.h>
#include <stdio.h>
void call(int s) {
printf("doin' something with s.... %d\n", s);
}
int main() {
size_t s = 10;
call(s);
return 0;
}
lw@linux-mint-desktop /tmp> gcc a.c -o a -Wall -pedantic
lw@linux-mint-desktop /tmp> valgrind ./a
==13764== Memcheck, a memory error detector
==13764== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==13764== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
==13764== Command: ./a
==13764==
doin' something with s.... 10
==13764==
==13764== HEAP SUMMARY:
==13764== in use at exit: 0 bytes in 0 blocks
==13764== total heap usage: 1 allocs, 1 frees, 1,024 bytes allocated
==13764==
==13764== All heap blocks were freed -- no leaks are possible
==13764==
==13764== For lists of detected and suppressed errors, rerun with: -s
==13764== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
Żadnego błędu, ostrzeżenia, niciego. "Bundziesz pon zadowolony". Why?