Untitled attachment

Notices where this attachment appears

1. Embed this notice
   Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Wednesday, 08-Jan-2025 09:01:06 JST Haelwenn /элвэн/ :triskell:

   @klardotsh @josch @whitequark I find it somewhat readable, sure short variable names but strncmp is doomed to be like that.

   The unsigned char cast is interesting, not sure what it's for and I guess could use a comment but it's not really worrying. The printf functions in musl are more annoying to read and I think dalias has made them more readable recently.

   Meanwhile glibc it's:
   - layers and layers of macros for even trivial functions, making it a pain to debug;
   - dangerous features like ifunc and nsswitch.conf (dynamically loading authentication libraries is a hard no for me);
   - ld.so having all kinds of questionable features making it a source of exploits for setuid binaries;
   - python and perl as build dependencies, making it a *very* long adventure to bootstrap from full-source;
   …

2. Embed this notice
   Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Wednesday, 04-Dec-2024 08:34:04 JST Haelwenn /элвэн/ :triskell:

   in reply to
   @sun Or for another example on glibc systems, CVE-2023-4911 (glibc ld.so GLIBC_TUNABLES) would still work against sudo-rs instead of sudo.
   
   Meanwhile a Go reimplementation of sudo could end up fine if cgo isn't used.
3. Embed this notice
   Jan Schaumann (jschauma@mstdn.social)'s status on Thursday, 28-Nov-2024 06:06:48 JST Jan Schaumann

   in reply to

   Advanced #Programming in the #UNIX Environment

   Week 11, Of Linkers and Loaders

   Building on top of what we discussed in Week 5 in the context of the compiler chain, we take a look at how a relocatable object file is turned into an executable by the dynamic linker (ld) and how an executable is loaded into memory by the run-time link-editor (ld.so or ld.elf_so).

   https://youtu.be/8KWuz7gLycc

   #apue

4. Embed this notice
   Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Monday, 17-Jun-2024 22:00:02 JST Haelwenn /элвэн/ :triskell:
   @xerz Why even, musl is also good when dynamically linked. (In fact one of my reasons for throwing the last remains of glibc here is how awful glibc's ld.so is)
5. Embed this notice
   Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Friday, 29-Mar-2024 00:47:21 JST Haelwenn /элвэн/ :triskell:
   > think about pledge/unveil on linux
   > it's restrictions added in the middle of runtime
   > remember that epic fail in glibc ld.so
6. Embed this notice
   Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Monday, 23-Oct-2023 04:52:17 JST Haelwenn /элвэн/ :triskell:

   in reply to
   @icedquinn @mischievoustomato @novenary @wolf480pl GNU basically never documents their extensions, this is why I say they do vendor-locking.
   But that should only matter for ones where you don't have proper third-party implementations/documentations, which here you absolutely did.
   
   Like if EAC wanted, they could be like "Nope, we're doing ld.so ourselves" (probably a terribly bad idea btw) and they would be able to implement gnu_hash support easily.