Regression in signal handler.

This vulnerability is exploitable remotely on glibc-based Linux systems, where syslog() itself calls async-signal-unsafe functions (for example, malloc() and free()): an unauthenticated remote code execution as root, because it affects sshd’s privileged code, which is not sandboxed and runs with full privileges.

  • towerful@programming.dev
    link
    fedilink
    English
    arrow-up
    1
    ·
    5 months ago

    For an integer, 4 < x < 6 x has to be 5. It’s the only value that satisfies all sides of the equation.
    You are deriving a set of values for open ssh that satisfies all sides of the equation.

    I think it’s more of a mathematical representation than programming representation (I mean, I don’t know of a language that would accept that syntax).
    Certainly psuedocode would have quick statements like this