1. 32
  1. 7

    Finally, a bug which could not be fixed by using Rust :D

    1. 15

      I am by no means a Rust fanboy, but I actually disagree in this case. The root cause of this appears to be incorrect error checking and I think this is caused by in-band signalling of error results. A language with union types that required an explicit match to differentiate between the error and non-error case would have prevented this kind of error.

      1. 5

        Well, it was worth a try ;) Thanks for the clarification :)

      2. 5

        In fairness, this looks like the kind of bug that’s harder to write in Rust since you’ve got to handle the error value (or explicitly ignore it) to get the success value. Polkit’s errors are a bit like tagged unions (without the union) in that the returned boolean tells you whether the *out_uid/*out_pid or the *error value is valid, but in this case the wrong tag was being returned. Putting them in a proper sum type would help with that.

        1. 3

          finally? many more of those around, take my favourite of the year: https://alephsecurity.com/2021/02/16/apport-lpe/

        2. 4

          I can’t seem to reproduce this bug on HardenedBSD. I wonder if any of the other BSDs are affected, but I kind of think they might not be.

          1. 1

            Gotta love the GoldenEye reference.