xeiaso.net / site
The code and data behind xeiaso.net
5
fork

Configure Feed

Select the types of activity you want to include in your feed.

CVE-2023-52656

Signed-off-by: Xe Iaso <me@xeiaso.net>

Xe Iaso 6a8b390b 0440d6ac

+20
+20
lume/src/shitposts/no-way-to-prevent-this/CVE-2023-52656.md
··· 1 + --- 2 + title: '"No way to prevent this" say users of only language where this regularly happens' 3 + date: 2024-05-26 4 + series: "no-way-to-prevent-this" 5 + type: blog 6 + hero: 7 + ai: "Photo by Andrea Piacquadio, source: Pexels" 8 + file: sad-business-man 9 + prompt: A forlorn business man resting his head on a brown wall next to a window. 10 + --- 11 + 12 + In the hours following the release of [CVE-2023-52656](https://lore.kernel.org/linux-cve-announce/2024052521-recharger-islamic-5f6f@gregkh/T/#t) for the project [The Linux kernel](https://kernel.org), site reliability workers 13 + and systems administrators scrambled to desperately rebuild and patch all their systems to fix a somewhat vague "exploitable" vulnerability in io\_uring that isn't easily understandable from the given reports, but it involves trying to pass io\_uring file descriptors over UNIX sockets with SCM\_RIGHTS in a way that I can't easily read from the changelogs. This is due to the affected components being 14 + written in C, the only programming language where these vulnerabilities regularly happen. "This was a terrible tragedy, but sometimes 15 + these things just happen and there's nothing anyone can do to stop them," said programmer Prince Noe Pagac, echoing statements 16 + expressed by hundreds of thousands of programmers who use the only language where 90% of the world's memory safety vulnerabilities have 17 + occurred in the last 50 years, and whose projects are 20 times more likely to have security vulnerabilities. "It's a shame, but what can 18 + we do? There really isn't anything we can do to prevent memory safety vulnerabilities from happening if the programmer doesn't want to 19 + write their code in a robust manner." At press time, users of the only programming language in the world where these vulnerabilities 20 + regularly happen once or twice per quarter for the last eight years were referring to themselves and their situation as "helpless."