The code and data behind xeiaso.net

'No way to prevent this' says users of the only programming language where this regularly happens

Signed-off-by: Xe Iaso <me@xeiaso.net>

Xe Iaso ad884faf ee0aa5a0

+88
+64
cmd/no-way-to-prevent-this/main.go
··· 1 + package main 2 + 3 + import ( 4 + "flag" 5 + "os" 6 + "text/template" 7 + "time" 8 + ) 9 + 10 + var ( 11 + date = flag.String("date", time.Now().Format(time.DateOnly), "Date of the CVE") 12 + cve = flag.String("cve", "", "CVE number") 13 + cveLink = flag.String("cve-link", "", "CVE link") 14 + project = flag.String("project", "", "Project name") 15 + projectLink = flag.String("project-link", "", "Project link") 16 + summary = flag.String("summary", "a memory safety vulnerability resulting in arbitrary code execution", "Summary of the CVE") 17 + ) 18 + 19 + func main() { 20 + flag.Parse() 21 + 22 + os.MkdirAll("./lume/src/shitposts/no-way-to-prevent-this", 0755) 23 + fout, err := os.Create("./lume/src/shitposts/no-way-to-prevent-this/" + *cve + ".md") 24 + if err != nil { 25 + panic(err) 26 + } 27 + defer fout.Close() 28 + 29 + data := map[string]string{ 30 + "Date": *date, 31 + "CVE": *cve, 32 + "CVELink": *cveLink, 33 + "Project": *project, 34 + "ProjectLink": *projectLink, 35 + "Summary": *summary, 36 + } 37 + 38 + tmpl := template.Must(template.New("article").Parse(articleTemplate)) 39 + if err := tmpl.Execute(fout, data); err != nil { 40 + panic(err) 41 + } 42 + } 43 + 44 + const articleTemplate = `--- 45 + title: '"No way to prevent this" says users of the only programming language where this regularly happens' 46 + date: {{.Date}} 47 + series: "no-way-to-prevent-this" 48 + type: blog 49 + hero: 50 + ai: "Photo by Andrea Piacquadio, source: Pexels" 51 + file: sad-business-man 52 + prompt: A forlorn business man resting his head on a brown wall next to a window. 53 + --- 54 + 55 + In the hours following the release of [{{.CVE}}]({{.CVELink}}) for the project [{{.Project}}]({{.ProjectLink}}), site reliability workers 56 + and systems administrators scrambled to desperately rebuild and patch all their systems to fix {{.Summary}}. 
This is due to the affected components being 57 + written in C, the only programming language where these vulnerabilities regularly happen. "This was a terrible tragedy, but sometimes 58 + these things just happen and there's nothing anyone can do to stop them," said programmer Willodean Santorella, echoing statements 59 + expressed by hundreds of thousands of programmers who use the only language where 90% of the world's memory safety vulnerabilities have 60 + occurred in the last 50 years, and whose projects are 20 times more likely to have security vulnerabilities. "It's a shame, but what can 61 + we do? There really isn't anything we can do to prevent memory safety vulnerabilities from happening if the programmer doesn't want to 62 + write their code in a robust manner." At press time, users of the only programming language in the world where these vulnerabilities 63 + regularly happen once or twice per quarter for the last eight years were referring to themselves and their situation as "helpless." 64 + `
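Review bot: `os.MkdirAll(...)` on line 22 of the new file discards its error, and the `-cve` flag (line 12) defaults to `""` yet is spliced straight into the output path on line 23 (`os.Create("./lume/src/shitposts/no-way-to-prevent-this/" + *cve + ".md")`), so running the tool without `-cve` silently writes a file named `.md`, and a value containing `/` or `..` lands outside the series directory. Check the MkdirAll error, require a non-empty `-cve`, and validate its shape before building the path, for example `if !regexp.MustCompile(`^CVE-\d{4}-\d{4,}$`).MatchString(*cve) { log.Fatal("bad -cve") }`. Two smaller points: both paths are relative to the working directory, so the generator only works from the repository root (a comment or a `-root` flag would make that explicit), and `time.DateOnly` on line 11 only exists from Go 1.20, so the module's `go` directive must be at least that.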
+4
dhall/seriesDescriptions.dhall
··· 69 69 , details = 70 70 "Instructions on how to use Nix flakes, a new way to use Nix in a more reproducible way." 71 71 } 72 + , Desc::{ 73 + name = "no-way-to-prevent-this", 74 + details = "Articles about the futility of preventing memory safety vulnerabilities." 75 + } 72 76 , Desc::{ name = "nixos", details = "Nix." } 73 77 , Desc::{ 74 78 , name = "olin"
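Review bot: the new `Desc` record (lines 72-75) is written in trailing-comma layout (`name = "no-way-to-prevent-this",`) while the neighbouring `olin` entry uses the leading-comma form that `dhall format` emits (`, name = "olin"`); run `dhall format` on the file so the style stays uniform. The entry is also inserted before `nixos`, but `"no-way-to-prevent-this"` sorts after `"nixos"`, so if this list is meant to stay alphabetical it belongs between the `nixos` and `olin` entries.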
+20
lume/src/shitposts/no-way-to-prevent-this/CVE-2023-6246.md
··· 1 + --- 2 + title: '"No way to prevent this" says users of the only programming language where this regularly happens' 3 + date: 2024-01-30 4 + series: "no-way-to-prevent-this" 5 + type: blog 6 + hero: 7 + ai: "Photo by Andrea Piacquadio, source: Pexels" 8 + file: sad-business-man 9 + prompt: A forlorn business man resting his head on a brown wall next to a window. 10 + --- 11 + 12 + In the hours following the release of [CVE-2023-6246](https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt) for the project [GNU glibc](https://sourceware.org/glibc/), site reliability workers 13 + and systems administrators scrambled to desperately rebuild and patch all their systems to fix a heap-based buffer overflow in the syslog() function resulting in memory corruption or even arbitrary code execution when run in SUID binaries. This is due to the affected components being 14 + written in C, the only programming language where these vulnerabilities regularly happen. "This was a terrible tragedy, but sometimes 15 + these things just happen and there's nothing anyone can do to stop them," said programmer Willodean Santorella, echoing statements 16 + expressed by hundreds of thousands of programmers who use the only language where 90% of the world's memory safety vulnerabilities have 17 + occurred in the last 50 years, and whose projects are 20 times more likely to have security vulnerabilities. "It's a shame, but what can 18 + we do? There really isn't anything we can do to prevent memory safety vulnerabilities from happening if the programmer doesn't want to 19 + write their code in a robust manner." At press time, users of the only programming language in the world where these vulnerabilities 20 + regularly happen once or twice per quarter for the last eight years were referring to themselves and their situation as "helpless."
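Review bot: this file is generated output of the tool added under `cmd/no-way-to-prevent-this`, but the invocation that produced it (the `-cve`, `-cve-link`, `-project`, `-project-link` and `-summary` values) is not recorded anywhere in the commit; note it in the commit message or a comment at the top of `main.go` so the next post is produced the same way and so a later change to `articleTemplate` can be re-applied to existing posts instead of hand-edited. The `-cve-link` used here is the Qualys write-up (`https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt`) rather than a CVE record, which is reasonable, but the flag's help text (`"CVE link"`) should say that any advisory URL is acceptable.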