diff options
| author | Xe Iaso <me@xeiaso.net> | 2024-05-26 05:02:48 -0400 |
|---|---|---|
| committer | Xe Iaso <me@xeiaso.net> | 2024-05-26 05:02:48 -0400 |
| commit | 6a8b390b612d46e9d00eda9b513277b6cd575573 (patch) | |
| tree | d6992fc27a7b0091733a82eae3d22640b88a1bc5 /lume/src/shitposts | |
| parent | 0440d6ac8c121a4bcda64ced4e22233fef391ae2 (diff) | |
| download | xesite-6a8b390b612d46e9d00eda9b513277b6cd575573.tar.xz xesite-6a8b390b612d46e9d00eda9b513277b6cd575573.zip | |
CVE-2023-52656
Signed-off-by: Xe Iaso <me@xeiaso.net>
Diffstat (limited to 'lume/src/shitposts')
| -rw-r--r-- | lume/src/shitposts/no-way-to-prevent-this/CVE-2023-52656.md | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/lume/src/shitposts/no-way-to-prevent-this/CVE-2023-52656.md b/lume/src/shitposts/no-way-to-prevent-this/CVE-2023-52656.md new file mode 100644 index 0000000..d350217 --- /dev/null +++ b/lume/src/shitposts/no-way-to-prevent-this/CVE-2023-52656.md @@ -0,0 +1,20 @@ +--- +title: '"No way to prevent this" say users of only language where this regularly happens' +date: 2024-05-26 +series: "no-way-to-prevent-this" +type: blog +hero: + ai: "Photo by Andrea Piacquadio, source: Pexels" + file: sad-business-man + prompt: A forlorn business man resting his head on a brown wall next to a window. +--- + +In the hours following the release of [CVE-2023-52656](https://lore.kernel.org/linux-cve-announce/2024052521-recharger-islamic-5f6f@gregkh/T/#t) for the project [The Linux kernel](https://kernel.org), site reliability workers +and systems administrators scrambled to desperately rebuild and patch all their systems to fix a somewhat vague "exploitable" vulnerability in io\_uring that isn't easily understandable from the given reports, but it involves trying to pass io\_uring file descriptors over UNIX sockets with SCM\_RIGHTS in a way that I can't easily read from the changelogs. This is due to the affected components being +written in C, the only programming language where these vulnerabilities regularly happen. "This was a terrible tragedy, but sometimes +these things just happen and there's nothing anyone can do to stop them," said programmer Prince Noe Pagac, echoing statements +expressed by hundreds of thousands of programmers who use the only language where 90% of the world's memory safety vulnerabilities have +occurred in the last 50 years, and whose projects are 20 times more likely to have security vulnerabilities. "It's a shame, but what can +we do? There really isn't anything we can do to prevent memory safety vulnerabilities from happening if the programmer doesn't want to +write their code in a robust manner." At press time, users of the only programming language in the world where these vulnerabilities +regularly happen once or twice per quarter for the last eight years were referring to themselves and their situation as "helpless." |