Readit News logoReadit News
bah_humbug commented on RCE via ND6 Router Advertisements in FreeBSD   freebsd.org/security/advi... · Posted by u/weeha
bah_humbug · 4 days ago
> resolvconf(8) is a shell script which does not validate its input. A lack of quoting meant that shell commands pass as input to resolvconf(8) may be executed.

The fix consists of implementing an XXX present since the code was added:

    /*
     * XXX validate that domain name only contains valid characters
     * for two reasons: 1) correctness, 2) we do not want to pass
     * possible malicious, unescaped characters like `` to a script
     * or program that could be exploited that way.
     */
https://www.freebsd.org/security/patches/SA-25:12/rtsold.pat...

bah_humbug commented on Category Theory: Orders   boris-marinov.github.io/c... · Posted by u/todsacerdoti
bah_humbug · 5 years ago
The definition of antisymmetric relations is an unusual one. As given, it's incompatible with the definition of reflexivity (presumably there's an implicit assumption on `a ≠ b`).

The usual definition is `x ≤ y AND y ≤ x → x = y`.

b

u/bah_humbug

KarmaCake day18April 1, 2021View Original