Wednesday, November 22, 2006

More MOKB-20-11-2006 related news

Apparently, it isn't enough to explain these issues in the simplest possible way. There will always be someone who doesn't bother reading or checking and, well, there will always be someone willing to say something that doesn't make sense at all.

A blog post is claiming that 'crashing a Mac with a .dmg has been known for ages'. It doesn't stop there; it even falls into the clueless logical fallacy that Mac Zealots and other creatures of Neverland have been using over and over for quite some time now:
conveniently ignoring the fact that this is still just a crash, not an exploit, and that not all crashes are actually exploitable anyway.
Too many things are mixed up there and getting screwed up. Time to stop, space cowboy. Back on Earth, a 'crash' in kernel-land can mean quite a few different things:
  • locking issues
  • infinite loops (e.g. filesystem code looking for non-existent blocks)
  • unhandled exceptions (e.g. invalid memory access, à la page faults, etc.)
  • handled exceptions (e.g. a known unsupported condition, or poorly written code panicking for no real reason, à la the fpathconf() bug, etc.)
  • ...
Now define 'exploit' in the context of a kernel-land issue. Basically, exploiting a bug in kernel-land requires some conditions to be met:
  • influence memory operations (e.g. land at controlled memory)
  • avoid hard locks
  • avoid corrupting essential spots
  • change execution flow gracefully
In any case, once you have abused the vulnerable condition, you normally get only one chance to subvert the execution flow before it goes wild and causes your so-called 'crash' (there are exceptions, like modules and other interfaces that can be dynamically loaded and don't necessarily get totally screwed up). So, what happens upon successful exploitation? You're pwned, Michael Knight.
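To make the distinction concrete, here is an added illustration (not code from the original post or from any real kernel) of two of the crash classes above, the infinite loop and the invalid memory access, in a toy block-chain walker, next to the checked version that turns a hostile image into an error code instead. The image format, BLOCK_SIZE, END_OF_CHAIN and all function names are constructed for this example and are not a real .dmg or HFS layout.

```c
#include <stdint.h>
#include <string.h>
/* Constructed toy image format (not a real .dmg or HFS layout): an array of
 * BLOCK_SIZE-byte blocks; the first 4 bytes of each block hold the index of
 * the next block in the chain, END_OF_CHAIN terminates it. */
#define BLOCK_SIZE     16
#define END_OF_CHAIN   0xFFFFFFFFu
#define WALK_BAD_INDEX (-1L) /* chain points at a non-existent block */
#define WALK_CYCLE     (-2L) /* chain loops back on itself */
uint32_t next_of(const uint8_t *img, uint32_t block) {
    uint32_t next;
    memcpy(&next, img + (size_t)block * BLOCK_SIZE, sizeof next);
    return next;
}

/* Unchecked walker that trusts the on-disk data: a looping chain spins
 * forever (infinite loop), an index past the image reads out of bounds
 * (invalid memory access). Both crash; neither hands over memory control. */
long walk_unchecked(const uint8_t *img, uint32_t start) {
    long count = 0;
    for (uint32_t cur = start; cur != END_OF_CHAIN; cur = next_of(img, cur))
        count++;
    return count;
}

/* Checked walker: each index is validated against the image size and the
 * walk is bounded by the block count, so a bad chain yields an error code. */
long walk_checked(const uint8_t *img, size_t img_len, uint32_t start) {
    size_t nblocks = img_len / BLOCK_SIZE;
    long count = 0;
    for (uint32_t cur = start; cur != END_OF_CHAIN; cur = next_of(img, cur)) {
        if (cur >= nblocks) return WALK_BAD_INDEX;
        if (++count > (long)nblocks) return WALK_CYCLE; /* more steps than blocks */
    }
    return count;
}

void set_next(uint8_t *img, uint32_t block, uint32_t next) {
    memcpy(img + (size_t)block * BLOCK_SIZE, &next, sizeof next);
}

/* Constructed 4-block image with chain 0 -> 1 -> 2 -> end; mode 1 corrupts
 * block 2's link into a cycle, mode 2 points it at a non-existent block. */
long demo(int mode) {
    uint8_t img[4 * BLOCK_SIZE] = {0};
    set_next(img, 0, 1); set_next(img, 1, 2); set_next(img, 2, END_OF_CHAIN);
    if (mode == 1) set_next(img, 2, 0);
    if (mode == 2) set_next(img, 2, 1000);
    return walk_checked(img, sizeof img, 0);
}
```

The unchecked walker is only safe to call on a well-formed image; the checked one returns 3 for the clean chain and an error code for either corrupted one.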

So, leaving the humorous style aside. Mac Zealots, please get a life. If something is well beyond your capacity to understand, don't worry. Go watch TV, or the iTunes Store.

Reading documentation, debugging, checking the problem and spending hours to understand how something actually works is obviously a tedious task. It's easier to smoke some pot mixed with hash while listening to Massive Attack and Modest Mouse.

Signed, a proud Macbook, Mac OS X and iPod (it has some indie music too, but not the brainwashing kind it seems, fortunately) user.