(((CVE-2016-10229)))

This is not a backdoor, are you illiterate?

The coreutils are not dependant on the kernel, for now it works on top of linux

Gee, I wonder who could be behind this vulnerability!

It's not a fucking backdoor, you illiterate autist.

i'll gladly do it and promote my Anux kernel for better purposes such as social justice, veganism and ecology

Anux will be safer by having no coreutils except a DE that won't give you ptsd for installing it, and Femiscape, a Firefox-Vivaldi hybrid web browser

Anux will become the leading alternative to Windows within the next five years. mark my word and screencap this

Tell me, is it a front door then?

The CIDF is afraid of this thread.

I'm working on XOmB, it's written in D:

wiki.xomb.org/

>udp.c
>.c
>c
See the problem?

Rewrite linux in Rust. Do it now. I dare you.

Oh, what's that? It can't be done? Awww poor you

>It can't be done?
Who said this?

>The coreutils are not dependant on the kernel, for now it works on top of linux
He wasn't talking about your coreutil bullshit, he was talking about kernel userspace API's

fpbp

If I were to rewrite an OS in Rust, I would try to rewrite a OS with a good architecture. Not Linux.

>18 million lines of code
>Rewrite all of it
Good luck with that.

And I was talking about coreutils. Are you dense? Re read carefully

Yes.

Explain how you would write the OS then user

In fact if I was well versed in Rust I would translate NetBSD to Rust

Microkernel.

Somebody needs to make a "Sweet Puff and Hella Tux" comic

"IT KEEPS HAPPENING"
"I told you about Linux dawg. I told you"

It affects kernel versions before 4.5. Do you happen to be aware of which kernel version is the latest right now? Hint, it's very well past 4.5.

>See the problem?
Yes. I see a dumb weeb.

Why the fuck would he be talking about userspace in the context of coreutils?

Translate what?

I'm talking about a kernel in Rust.
Rust doesn't have headers, so how are you going to expose declarations and structs to userspace like what Linux does with /usr/include/linux/?

C tard is mad, can't read what OP said lel

aaaaaand guess what version your made in China IoT dildo is probably running.

100% of Linux installations out there are running a version prior to 4.5 actually.

Linux takes about 4 to 5 years to get stable. Version 4.5 was released only one year ago, therefore it's not stable yet.

Just so you have an idea, Debian is currently running 3.5, which was released in 2012.

what are LTS versions

>yfw this guy just proved it's impossible to write an operating system kernel in Rust
RUST SHILLS BTFO!!!!!!11

Ask him
NetBSD. Are you dumb?
Rust has modules, Unix like OS has been written in Rust already

If Cisco gave the programming work to qualified software engineers instead of Indian fuckos who learnt to program with Java, there would be no problem.

Dumb weeb.

I know what they are, what do they have to do with anything? Did you even read my post?

Go to the Debian mailing lists and suggest replacing 3.5 with 4.9 LTS on Wheezy and see what happens, retard!

Every Linux release takes at least 4 to get minimally stable. I'm not making this up, this is just common knowledge in the Linux community.

Stop shilling your meme software only 5 people use.

>Rust has modules
Can modules replace the functionality of C headers?
Can I share modules that contain declarations between kernel and userspace like what Linux does?
Honest question.

Are you purposefully being retarded?
gist.github.com/DanielKeep/470f4e114d28cd0c8d43
doc.redox-os.org/book/

Net what?

Heartbleed was an OpenSSL vulnerability, not a kernel one. However, I do agree with you that C's flaws are catching up.

Great. Now show us the percentage of vulnerabilities on proprietary operating systems and open source operating systems.

>Can modules replace the functionality of C headers?
I don't see why not. Rust's modules are not C headers. However both of them can achieve the same goals. Rust's method is just different

>security as a product

Anybody who isn't a terminal brainlet has already moved over to BSD.

The only people who stick with Linux are ricers who want to watch 4k anime in their framebuffer on a mpv build from portage that only took 8 hours to build

DAMAGE CONTROL

Guess which kernel is the new lts?

>qualified software engineers
Who are they? Never seen a competent C project in real life.

Literally half the network appliance industry runs on OpenBSD, you fucktard.

>CVE details

>I got owned: the post
Clock work

I'm not "guessing" anything irrelevant to the discussion. Quit with the red herrings.

Stop trolling. You're not even funny.

Is "Rust has no headers" a new meme?

Like whiteboards?

use core::ptr;
use core::sync::atomic::{AtomicBool, ATOMIC_BOOL_INIT, AtomicUsize, ATOMIC_USIZE_INIT, Ordering};

use acpi;
use allocator;
use device;
use gdt;
use idt;
use interrupt;
use memory;
use paging::{self, entry, Page, VirtualAddress};
use paging::mapper::MapperFlushAll;

/// Test of zero values in BSS.
static BSS_TEST_ZERO: usize = 0;
/// Test of non-zero values in data.
static DATA_TEST_NONZERO: usize = 0xFFFFFFFFFFFFFFFF;
/// Test of zero values in thread BSS
#[thread_local]
static mut TBSS_TEST_ZERO: usize = 0;
/// Test of non-zero values in thread data.
#[thread_local]
static mut TDATA_TEST_NONZERO: usize = 0xFFFFFFFFFFFFFFFF;

pub static CPU_COUNT: AtomicUsize = ATOMIC_USIZE_INIT;
pub static AP_READY: AtomicBool = ATOMIC_BOOL_INIT;
static BSP_READY: AtomicBool = ATOMIC_BOOL_INIT;

extern {
/// Kernel main function
fn kmain(cpus: usize) -> !;
/// Kernel main for APs
fn kmain_ap(id: usize) -> !;
}

/// The entry to Rust, all things must be initialized
#[no_mangle]
pub unsafe extern fn kstart() -> ! {
{
extern {
/// The starting byte of the _.bss_ (uninitialized data) segment.
static mut __bss_start: u8;
/// The ending byte of the _.bss_ (uninitialized data) segment.
static mut __bss_end: u8;
/// The end of the kernel
static mut __end: u8;
}

// Zero BSS, this initializes statics that are set to 0
{
let start_ptr = &mut __bss_start as *mut u8;
let end_ptr = & __bss_end as *const u8 as usize;

if start_ptr as usize

Never looking up what language the software you used was written in is not an argument.

>Like whiteboards
Yes, both of them appeals to high school dropouts

It's 4.5
Do you know when debian plans on a new release?

you're right

the only laughable thing ITT is Linux's security

It's not Linux's fault completely. It's just C being C.

>debian is going to release a new version with a two year old kernel
So?

Same happened with wheezy.

Doesn't mean anything.

Wanna know why?

BECAUSE JUST RELEASED DEBIAN VERSIONS AREN'T STABLE YET!

Retard.

How serious is this? Does any Udp listener lead to RCE? Bind for example?

Comment 3 Wade Mealing 2017-04-10 20:50:22 EDT
Statement:

This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, and 7, Red Hat Enterprise MRG 2, and realtime kernels as the code that introduced the flaw is not present in these products.

OpenBSD is written in C and doesn't suffer from these problems.

You're correct that C allows bad programmers to create big problems, but it's not like a properly-written program is inherently insecure.

Fugggg my router runs linux
Any workarounds?

Install OpenBSD

Whew I was about to panic

>This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5,6,7, MRG-2 and realtime kernels

access.redhat.com/security/cve/cve-2016-10229

bugzilla.redhat.com/show_bug.cgi?id=1439740

OpenBSD doesn't have these problems because no one but OpenBSD's security team formally reviewed it.

I remember FreeBSD fags boasting about how their system is well written in comparison to Linux before 57 security vulnerabilities found in FreeBSD in an incomplete third party review.

>// Zero BSS
The bootloader or executable image loader is supposed to do this.

Oh wow, it's almost as if, hold on guys, I'm on to something here...

It's almost as if bad code is the problem and not the language. Who would have guessed?

CentOS 7 runs 3.10
Openwrt alsu uses 3.10 or something
My router with tomato has 2.6.36.4

Thanks for responding to .

The reason Windows and other proprietary systems get more CVE alerts is because they are more widespread and therefore more strongly scrutinized.

>a properly-written program
You cannot write a C program that takes two numbers from the user and prints out the total along with the proper type in C.

Prove me wrong if you can

/thread

And the source is not even out, that's how shitty NT's codes are. However we need to ditch C all together before these keep happening

security-tracker.debian.org/tracker/CVE-2016-10229
>2016
Are you fucking retarded?
It's old as fuck. Kill yourself

>not the language.
Not when you got 50 Million undefined behaviors baked into the compilers and the language itself

>wiki.xomb.org/
>read wiki
>read what an exokernel is
>read that it is like a benevolent communist dictatorship
Dropped.

God damn it op.

Debian has security updates for that reason

>let's fix holes with abstractions :----DDDDD

>oh know I do something retarded that shouldn't work and the computer does it anways
You are a moron.
Programming is like riding a bike, if you lean too far to the side you will fall of, so don't do that.

Besides undefined behavior is not "baked into" either the language or the compiler. The exact opposite actually.

No, let's fix holes by not using a language full of undefined behaviors

>1 1 1 GO!!!

Classic C kek

>oh know I do something retarded
It's not retarded, idiot. See how non trash language has properly defined sequence while C(ancer) does not.

You are a moron if you didn't immediately realize why that wouldn't work.

Can't do it in Rust either.

I was just about to disconnect all my servers and perform upgrades, and then I realized OP is a faggot.
What a relief.

Oh I didn't realize calling unary operatored variables can cause undefined behavior in C

Just you.

By yourself.

Yeah good luck m8. Even the most productive, autistic attention to detail and knows the language spec backwards guys I know couldn't do this.

>mfw not even Java has this problem

>He didn't know that
And you call yourself a programmer?