And I've yet to see anyone explain why it's even remotely reasonable that a malformed graphics file should allow arbitrary code to run under the SYSTEM account.
It's probably one of those things they "had" to do to maintain ass-backwards compatibility with ancient Windows versions, dating back to the pre-networking era. If you read Petzold, or just look at the exports of GDI32.DLL, you'll notice that functions for handling metafiles are right there next to your regular drawing primitives and so forth. It seemed like a good idea at the time, and now we're stuck with it.
Well, we're not really stuck with it. I have no Windows boxes at home. While one certainly can't rule out the possibility of, say, a PDF vulnerability in OSX (PDF being essentially the "metafile" format on OSX), it's not clear whether that would immediately hand over root access on the box. Even if it did, the bug wouldn't be exploited to anywhere near this degree. I definitely will at some point go off on a rant about crappiness in the Unix world, but not today.
In happier news for the PC (and soon Mac) universe, Intel's just unveiled its shiny new corporate logo. And now you know.
Meanwhile, in happier news for the Linux universe, it's always fun when Linus calls 'em like he sees 'em.
And then the thread continues.
Pretty much the ONLY people who ever complain about those internal kernel
interfaces changing are the free-loaders. It's hard for them, because they
don't want to play according to the rules. Tough. Watch me not care:
[ Linus sits in his chair, patently not caring ]
See?
In that spirit, here's a webcam where you can watch live Gentoo penguins in the wild, from a German+Chilean research station in Antarctica. What's really fun is that the station itself isn't primarily concerned with penguins; the big dish in the background is the main deal, and it's used for satellite tracking and VLBI. Which further supports my hypothesis that there's a deep and mystical connection between astronomical research and cute wildlife, for example see my WOMBAT post from a few days back. I can't explain the connection, but I find it oddly comforting.
No comments :
Post a Comment