RSS Drew DeVault's Blog

MSG_PEEK is pretty common and CVE-2016-10229 may be worse than you think

13 Apr 2017

I heard about CVE-2016-10229 earlier today. In a nutshell, it allows for arbitrary code execution via UDP traffic if userspace programs are using MSG_PEEK in their recv calls. I quickly updated my kernels and rebooted any boxes where necessary, but when I read the discussions on this matter I saw people downplaying this issue by claiming MSG_PEEK is an obscure feature.

Principles for C programming

15 Mar 2017

In the words of Doug Gwyn, “Unix was not designed to stop you from doing stupid things, because that would also stop you from doing clever things”. C is a very powerful tool, but it is to be used with care and discipline. Learning this discipline is well worth the effort, because C is one of the best programming languages ever made. A disciplined C programmer will…

Compiler devnotes: Machine specs

22 Feb 2017

I have a number of long-term projects that I plan for on long timelines, on the order of decades or more. One of these projects is cozy, a C toolchain. I haven’t talked about this project in public before, so I’ll start by introducing you to the project. The main C toolchains in the “actually usable” category are GNU and LLVM, but I’m satisfied with neither and I want to build my own toolchain. I see no reason why compilers should be deep magic. Here are my goals for cozy:

Lessons to learn from C

30 Jan 2017

C is my favorite language, though I acknowledge that it has its warts. I’ve tried looking at languages people hope will replace C (Rust, Go, etc), and though they’ve improved on some things they won’t be supplanting C in my life any time soon. I’ll share with you what makes C a great language to me. Take some of these things as inspiration for the next C replacement you write.

The only problem with Python 3's str is that you don't grok it

13 Jan 2017

I’ve found myself explaining Python 3’s str to people online more and more often lately. There’s this ridiculous claim about that Python 3’s string handling is broken or somehow worse than Python 2, and today I intend to put that myth to rest. Python 2 strings are broken, and Python 3 strings are sane. The only problem is that you don’t grok strings.