Homeland Security Uncovers Critical Flaw in X11
Amy's Robot writes "An open-source security audit program funded by the U.S. Department of Homeland Security has flagged a critical vulnerability in the X Window System (X11), which is used in Unix and Linux systems. A missing parenthesis in a bit of code is to blame. The error can grant a user root access, and was discovered using an automated code-scanning tool." While serious, the flaw has already been corrected.
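The summary above says only that a missing parenthesis lets a privilege check grant root; it does not say which check in X11 was affected. The following C program is an added illustration (not the X11 code) of the general mechanism: leaving the `()` off a function name in an `if` condition tests the function's address, which is never null, so the privileged branch is taken for every caller. `demo_euid` and `set_demo_euid` are constructed stand-ins for `geteuid()` so the demonstration is deterministic; `privileged_op_buggy` and `privileged_op_fixed` are hypothetical names.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed stand-in for the caller's effective user id. Real code would
 * call geteuid(); a settable variable keeps the demo deterministic. */
static unsigned int demo_euid = 1000;

static void set_demo_euid(unsigned int uid) { demo_euid = uid; }

/* True only when the caller is root (effective uid 0). */
static bool is_root(void) { return demo_euid == 0; }

/* Buggy form: the parentheses after is_root are missing, so the condition
 * tests the *address* of the function, which is never null. The privileged
 * branch is therefore taken for every caller, root or not. gcc -Wall flags
 * this line ("the address of 'is_root' will always evaluate as 'true'",
 * -Waddress); treating that warning as an error is the cheap defence. */
static bool privileged_op_buggy(void) {
    if (is_root)
        return true;   /* access granted */
    return false;      /* access denied */
}

/* Fixed form: is_root() is actually called and its result is tested. */
static bool privileged_op_fixed(void) {
    if (is_root())
        return true;
    return false;
}

int main(void) {
    set_demo_euid(1000);  /* an unprivileged caller */
    printf("uid 1000: buggy grants=%d fixed grants=%d\n",
           privileged_op_buggy(), privileged_op_fixed());
    set_demo_euid(0);     /* root */
    printf("uid 0:    buggy grants=%d fixed grants=%d\n",
           privileged_op_buggy(), privileged_op_fixed());
    return 0;
}
```

Compiling with `gcc -Wall` prints the -Waddress warning for the buggy function; the point of the story is that a code-scanning tool (or a build that refuses to ship with that warning outstanding) catches the class of bug before it reaches users.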
Related news (Score:5, Funny)
Government officials were unwilling to cite their sources for this information instead choosing to simply say "we are watching you".
Way to go, boys! (Score:5, Funny)
Any word on the fix? (Score:5, Funny)
A missing parenthesis in a bit of code is to blame... the flaw has already been corrected.
Any word on exactly what the fix was?
Re:Here is the actual flaw: (Score:2, Funny)
(X11 sucks monkey cock
Success (Score:3, Funny)
I wonder (Score:3, Funny)
Re:Only one? (Score:4, Funny)
Only one that they are telling us about...
Re:Related news (Score:5, Funny)
watch out for their patches, though (Score:5, Funny)
Little known fact... (Score:5, Funny)
Easy (Score:3, Funny)
Re:I wonder (Score:4, Funny)
> by reading the binary or by utilizing a machine-coded matrix?
I don't know, but I bet Chloe O'Brian is lurking nearby. And she's probably scowling.
Re:Any word on the fix? (Score:4, Funny)
Re:Already Corrected? (Score:5, Funny)
Re:Any word on the fix? (Score:5, Funny)
Not Quite (Score:5, Funny)
Actually, it was not a missing parenthesis, but a missing parenthetical.
double r;
r = ( (double)rand() / ((double)(RAND_MAX)+(double)(1)) );
if ( r < 0.5 ) gotroot(true);
And the patched code:
double r;
r = ( (double)rand() / ((double)(RAND_MAX)+(double)(1)) );
if ( r < 0.5 ) gotroot(true);
(just kidding!)
Re:Related news (Score:5, Funny)
Re:So does this mean? (Score:3, Funny)
So no, it is indeed just a closing parenthesis that is missing. Why exactly that bloke considered this 'seemingly harmless', I don't know though... that is rather like saying "The car crash was caused by something as seemingly harmless as a severed brake line."
Re:Related news (Score:3, Funny)
I just saw a story.. (Score:3, Funny)
Re:OpenBSD fixed on Jan. 21, 2000 (Score:5, Funny)
That is one brilliant policy! Kudos to whomever implemented that!
It reminds me of an incident about 12 years ago. A bunch of us entry-level programmers were sitting around and this one guy pipes up and says "Look! I wrote an entire function (it was C) in one line!" He did, too. It was one of those 'for' loops with a 'while' and a bunch of things in one line. It was impossible to read. I just shook my head and said, "If there's a bug in that code, and I get assigned to it, I'm coming for you!"
Wow. Homeland Security.... (Score:5, Funny)
Jack: I'm running out of time. I need that satellite image.
Chloe: I opened a socket into a NASA server and I'm retasking the satellite.
Jack: Great, download the image to my PDA.
Chloe: I need your IP address.
Jack: 1.2.123.129
Chloe: I'm having some trouble. I'm hacking into a secure server at CTU, and sending the image to your PDA.
Jack: I've got it. Thanks Chloe.
Chloe: Whatever...
Re:OpenBSD fixed on Jan. 21, 2000 (Score:5, Funny)
More specifically, March 10th of 2006. Seven weeks ago.
Best part was the CVS log:
It all depends... (Score:3, Funny)
Have you paid your Moses Fee?
(let my packets go....) [as sung to 'let my people go']
Re:Missing *pair* of parentheses - PASCAL? (Score:1, Funny)
http://en.wikipedia.org/wiki/Niklaus_Wirth
So was the X11 bug in European or American code?
Re:Related news (Score:3, Funny)
(that's the job of Congress and industry trade groups)
Re:Related news (Score:5, Funny)
It drives me nuts too. That's why I use the -fsyntax-only option whenever I compile anything. It gets rid of the warnings so you know your code is safe!
Re:Already Corrected? (Score:4, Funny)
Yes.
Re:Another score for open source! (Score:3, Funny)
Excluding Outlook Express I guess.
Re:Related news (Score:4, Funny)
No, no, that's a flaw in X10, not X11. That missing remote behaviour is an undocumented feature.
Re:Another score for open source! (Score:2, Funny)
Yeah, but Windows is still safer, because the useful bugs are hidden in with all these other bugs. In fact, it's sometimes hard for a hacker to get to the exploit, because, first he runs into what I like to call "the blue screen OF FREEDOM!"
Coming soon.... "Parenthesis Day" (Score:2, Funny)
Re:Related news (Score:2, Funny)
Re:OpenBSD fixed on Jan. 21, 2000 (Score:2, Funny)
Re:Related news (Score:3, Funny)
$#$#%... [signal lost]