logoalt Hacker News

Don't tug on that, you never know what it might be attached to (2016)

87 pointsby todsacerdotitoday at 4:01 PM25 commentsview on HN

Comments

kace91today at 6:01 PM

(Let me start clarifying that this is not at all a criticism of the author)

I am usually amused by the way really competent people judge other's context.

This post assumes understanding of:

- emacs (what it is, and terminology like buffers)

- strace

- linux directories and "everything is a file"

- environment variables

- grep and similar

- what git is

- the fact that 'git whatever' works to run a custom script if git-whatever exists in the path (this one was a TIL for me!)

- irc

- CVEs

- dynamic loaders

- file priviledges

but then feels important to explain to the audience that:

>A socket is a facility that enables interprocess communication

show 6 replies
svattoday at 5:39 PM

(2016)

Also, “direct” link: https://blog.plover.com/tech/tmpdir.html (This doesn't really matter, as the posted link is to https://blog.plover.com/2016/07/01/#tmpdir i.e. the blog post named “tmpdir” posted on 2016-07-01 and there is only post posted on that date, so the content of the page is basically the same.)

jcynixtoday at 6:48 PM

BTW, the author "mjd" is the author of the excellent book "Higher-Order Perl" which is available online at https://hop.perl.plover.com/book/

show 1 reply
adrianmonktoday at 5:44 PM

> This computer stuff is amazingly complicated. I don't know how anyone gets anything done.

I wonder what could be done to make this type of problem less hidden and easier to diagnose.

The one thing that comes to mind is to have the loader fail fast. For security reasons, the loader needs to ensure TMPDIR isn't set. Right now it accomplishes this by un-setting TMPDIR, which leads to silent failures. Instead, it could check if TMPDIR is set, and if so, give a fatal error.

This would force you to unset TMPDIR yourself before you run a privileged program, which would be tedious, but at least you'd know it was happening because you'd be the one doing it.

(To be clear, I'm not proposing actually doing this. It would break compatibility. It's just interesting to think about alternative designs.)

show 1 reply
markstostoday at 4:44 PM

And this was written 10 years ago, when computers were far less complicated and vibe coding sleeper bugs wasn't a thing.

show 2 replies
linsomniactoday at 5:02 PM

The Internet needs more Buckaroo Banzai references. Because wherever you go, there you are.

show 1 reply
thaynetoday at 8:10 PM

Setting a capability on the perl executable seems like a very bad idea. That effectively grants tha capability to everything that is able to invoke perl (without being restricted to NO_NEW_PRIVILEGES).

LordGreytoday at 7:27 PM

Buckaroo Banzai: You can check your anatomy all you want, and even though there may be normal variation, when it comes right down to it, this far inside the head it all looks the same. No, no, no, don’t tug on that. You never know what it might be attached to.

Scott-Davidtoday at 8:09 PM

[dead]