this post was submitted on 22 Jul 2024

823 points (100.0% liked)

196

16473 readers

2170 users here now

Be sure to follow the rule before you head out.

Rule: You must post before you leave.

^other^ ^rules^

founded 1 year ago

MODERATORS

moss@lemmy.blahaj.zone

greembow@lemmy.blahaj.zone

moss@lemmy.world

queue@beehaw.org

funky_rodent@lemmy.blahaj.zone

PeachyMcPeachface@lemmy.blahaj.zone

greembow@lemmy.world

remotelove@lemmy.ca

Roflmasterbigpimp@feddit.de

qaz@lemmy.world

A_Very_Big_Fan@lemm.ee

qaz@lemmy.blahaj.zone

A_Very_Big_Fan@lemmy.world

qaz@lemmy.dbzer0.com

qaz@sh.itjust.works

qaz@lemmy.sdf.org

823

Single point of failrule (lemmy.blahaj.zone)

submitted 3 months ago by nicknonya@lemmy.blahaj.zone to c/196@lemmy.blahaj.zone

52 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] Tar_alcaran@sh.itjust.works 19 points 3 months ago (1 children)

The update that broke everything only pushed data, not code. The bug was extant in the software before the update, likely for years.

A terrifyingly large number of critical issues come to light like this. The code has been broken since the first release, but nobody noticed until a certain edge-case occurs.

[–] Technus@lemmy.zip 15 points 3 months ago

Exactly. Even worse, a bug like this isn't just a crash waiting to happen. It's also a massive security hole.

If an incompetently written file can crash the system, there's a decent chance that a maliciously crafted file could have allowed the complete takeover of it. Memory safety bugs, especially in kernel code, are very serious.

A lack of validation would have been a glaring red flag to any outsider looking at the code, but it's exactly the kind of thing someone who's worked on the software forever could easily overlook. It's so, so easy to lose sight of the forest for the trees.