Subj : Re: Minix
To   : tenser
From : Nightfox
Date : Thu Apr 18 2024 02:58 pm

  Re: Re: Minix
  By: tenser to Nightfox on Fri Apr 19 2024 08:19 am

 te> The bug I was thinking of was rather pedestrian, and was in the built-in
 te> web server.  It validated a user-supplied password against one that was
 te> stored somewhere (presumably flash or some kind of NVRAM).  The code was
 te> basically,

 te> if (strncmp(pass, userpass, strlen(userpass)) == 0) {
 te>    return SUCCESS;
 te> } else {
 te>    return FAILURE;
 te> }

 te> The bug, of course, is constraining to the length of the user supplied
 te> password; the effect was that entering _no_ password automatically
 te> authenticated the password (empty strings always compare equal).  The fix
 te> is to read the user password into a pre-zeroed buffer the same size as
 te> `pass` and then compare.

Whoops..  Honestly that might be a bug I might miss on first glance.  Gotta be careful about that kind of thing sometimes and always be thinking of how the various library functions work and what could go wrong.

 te> The issue with SGX was that it was easy to break out of the enclave.
 te> Whoops.

Doh!

On a side note, I know sales of movies & TV shows on blu-rays & such have dropped, and a lot of people aren't playing them on computers these days, but I always thought it was interesting how it was still possible to play blu-ray discs on a PC with certain restrictions - You had to use certain software and have your PC set up correctly with all the drivers working, etc. to enable the copy protection in software when playing optical discs.  I was reading into what the requirements were to play 4K blu-ray discs on a PC, and I thought it was a bit crazy - Among other things, you had to be using an Intel PC because the software used SGX, and also using Intel's internal video in order for the copy protection to be fully enabled and allow playback from disc to work.  The requirement for Intel internal video meant that if you're using a dedicated video card (Nvidia or AMD), then your PC wouldn't be able to play 4K blu-ray discs.  AMD PCs were out of the question.  Now that Intel's SGX is discontinued, 4K blu-ray disc playback on a PC just no longer works.  Of course, you can still rip the discs on any PC using disc ripping software, and then play the ripped video files.

Nightfox
--- SBBSecho 3.20-Linux
 * Origin: Digital Distortion: digdist.synchro.net (21:1/137)

.