flak

who even calls link_ntoa?

So there’s a buffer overflow in link_ntoa. What does this mean? CERT says an attacker may be able to execute arbitrary code, but who can be an attacker? Where is link_ntoa used?

What does link_ntoa even do? I’ve never heard of this function before.

The link_ntoa() function takes a link-level address and returns an ASCII string representing some of the information present, including the link level address itself, and the interface name or number, if present. This facility is experimental and is still subject to change.

Networking something or other I guess.

First place to look is in libc itself, where the function lives. The implementation lives in net/linkaddr.c but it’s the declaration that’s of particular interest.


The PROTO_DEPRECATED macro marks a function as exported from the library, but not for use internally. We can also verify with grep that nothing in libc calls link_ntoa, but with the symbol marking we can be confident we haven’t missed anything.

Moving on to base, we find a few occurrences.

sbin/route/route.c: printf("%s: link %s; ", which, link_ntoa(&su->sdl));
sbin/route/show.c: return (link_ntoa(sdl));
usr.bin/netstat/show.c: return (link_ntoa(sdl));

This is used to print route information obtained from the kernel. So if you haven’t patched yet, before you run route show again, make sure you trust the kernel.
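The grep check described above, written as a reusable shell function (an added example, not code from the original post). The names find_callers, caller_dirs and make_sample_tree are made up here, the sample tree is constructed (only the three call lines are the ones quoted in the post), and skipping definitions by looking for the name in column 0 assumes KNF-style source.

```shell
#!/bin/sh
# Added example (not from the original post): find call sites of a C function.

# find_callers FUNC DIR: print "path:line:text" for each call to FUNC in DIR.
# Heuristics (assumptions): KNF style, so a definition has the name in column
# 0 and is skipped; lines that start as comment text are skipped too.
find_callers() {
    func=$1 dir=$2
    find "$dir" -type f -name '*.c' -exec grep -nE \
        "(^|[^A-Za-z0-9_])${func}[[:space:]]*\\(" /dev/null {} + |
    grep -vE "^[^:]+:[0-9]+:${func}[[:space:]]*\\(" |
    grep -vE "^[^:]+:[0-9]+:[[:space:]]*(/\\*|\\*)" |
    sort
}

# caller_dirs FUNC DIR: the distinct directories (programs) that call FUNC.
caller_dirs() {
    find_callers "$1" "$2" | cut -d: -f1 | sed 's|/[^/]*$||' | sort -u
}

# make_sample_tree DIR: constructed miniature tree; the three call lines are
# the ones quoted in the post, everything else is made up for the demo.
make_sample_tree() {
    mkdir -p "$1/lib/libc/net" "$1/sbin/route" "$1/usr.bin/netstat" "$1/usr.bin/decoy"
    printf 'char *\nlink_ntoa(const struct sockaddr_dl *sdl)\n{\n}\n' \
        > "$1/lib/libc/net/linkaddr.c"
    printf '\tprintf("%%s: link %%s; ", which, link_ntoa(&su->sdl));\n' \
        > "$1/sbin/route/route.c"
    printf '\t\treturn (link_ntoa(sdl));\n' > "$1/sbin/route/show.c"
    printf '\t\treturn (link_ntoa(sdl));\n' > "$1/usr.bin/netstat/show.c"
    printf '/* link_ntoa(3) is not used here */\n\tmy_link_ntoa(x);\n' \
        > "$1/usr.bin/decoy/decoy.c"
}

# Demo: build the constructed tree, list call sites, then the calling programs.
tree=$(mktemp -d)
make_sample_tree "$tree"
(cd "$tree" && find_callers link_ntoa . && caller_dirs link_ntoa .)
rm -rf "$tree"
```

The definition in linkaddr.c, the comment mention and the my_link_ntoa decoy are all filtered out, leaving only the route and netstat call sites.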

Posted 2016-12-07 03:00:07 by tedu Updated: 2016-12-07 03:00:07
Tagged: openbsd software


I’ve had a paper copy of Transmetropolitan Volume 1 sitting around the house for about a year, but finally sat down and read it last week. Immediately ordered the full set of ten volumes. (This was an easier decision when the Kindle version was only $6.) I was startled by how it’s a marvelous commentary on current culture and events. At first glance, I saw the copyright date for the collected volume, which is 2009, but the original issues were published starting in 1997. Twenty years later it’s still fresh.

Each volume collects six issues and represents a single story arc, although the volumes also fit together pretty tightly. Most issues are fairly typical narratives (but in a very atypical world), but there’s usually about one more experimental issue per volume. It takes about half of the first volume to establish the world and get up to speed, but after that it’s full steam ahead.

I’d summarize the themes and aspects I really like, but that’s actually pretty hard. Better to just recommend you read it for yourself. Not much of a review. Some panels I liked, which seem relevant.

On callous indifference.

On advertising and tracking culture.

On elected officials.

On tech centric lifestyles.

Haven’t finished the entire series yet, but it’s been great so far.

Posted 2016-12-01 23:57:20 by tedu Updated: 2016-12-01 23:57:20
Tagged: bookreview

openbsd changes of note 2

Things happened, stuff changed.

X550 support among other ix changes and cleanup.

Ongoing switch work. Better OpenFlow compat. You know it’s serious when tcpdump gets an update.

Loongson 3A support.

Turn ipstat into a set of percpu counters. Per CPU counters allow simple statistics to be collected in a lockless manner, collating them as necessary. The basic mechanism was introduced a little earlier in October.

Hydrogen bomb fixes.

Dedicated build user builds for xenocara.

Some iwm diffs, since committed: reducing rx latency, ack rates, reduce retry limit.

PCI info ioctl for DRM.

Assorted changes to pool memory management. More mbuf pool changes to come.

Something else of potential interest: pine64 bootloader.

Posted 2016-11-23 02:37:09 by tedu Updated: 2016-11-23 02:37:09
Tagged: openbsd software

action of no action required

From AT&T

From: "AT&T" <>
To:
Date: Fri, 18 Nov 2016 17:07:07 -0500
Subject: Ted, Action required.

We're writing to confirm that this is your current email address. If this email address is still current, you don't need to do a thing.

Translation: action required -> no action required. Jerks.

Posted 2016-11-18 19:29:33 by tedu Updated: 2016-11-18 19:29:33
Tagged: mailfail

openbsd changes of note

Stuff happened, things changed.

mcl2k2 pools and the em conversion. The details are in the commits, but the short story is that due to hardware limitations, a number of tradeoffs need to be made between performance and memory usage. The em chip can (mostly) only be programmed to write to 2k buffers. However, ethernet payloads are not nicely aligned. They’re two bytes off. Leading to a costly choice. Provide a 2k buffer, and then copy all the data after the fact, which is slow. Or allocate a larger than 2k buffer, and provide em with a pointer that’s 2 bytes offset. Previously, the next size up from 2k was 4k, which is quite wasteful. The new 2k2 buffer size still wastes a bit of memory, but much less.

Continue reading openbsd changes of note...

Posted 2016-11-16 21:28:16 by tedu Updated: 2016-11-16 21:28:16
Tagged: openbsd software

Mini Metro

A fun iPhone (and many more) game. Your job is to build and manage an ever growing subway system, until eventually unhappy riders revolt. The gameplay is fairly simple, with very few different types of resource to manage, but each play through is different. I’m still working out a few strategies, but just when I think I’ve nailed it, I’ll get an uncooperative map. It’s both like and unlike Flight Control. In many ways better. More variation. The intensity builds up over time, but it never demands unblinking concentration. More strategy than action. The game strikes a very good balance between abstraction and realism. Station types and passengers are just shapes like circle and square, but it’s easy to imagine them as residential and commercial districts.

Posted 2016-11-14 20:01:17 by tedu Updated: 2016-11-14 20:07:19
Tagged: games review

how to influence friends and win people

I rarely comment about politics, and rarely regret not posting, but this is one of those times I thought about saying something earlier and didn’t, and now I regret it. This should have been said months ago, but there will be more elections to come, so better late than never. It’s about talking to people, but don’t worry, it has nothing to do with respect.

There are two ways to persuade people. Find something they care about and convince them you’re right, or convince them to care about something, and then convince them you’re right. The second is a lot more work than the first.

The more obviously persuasive an argument seems to you, the less persuasive it probably is for the people who don’t already agree. This doesn’t mean they can’t be persuaded, but it means shouting louder won’t work. It’s like pulling a lever to effect a change. Some of the levers are connected, and some aren’t, and it doesn’t matter how hard you pull on the ones that aren’t. The levers that are connected, however, still work.

Continue reading how to influence friends and win people...

Posted 2016-11-14 01:38:18 by tedu Updated: 2016-11-14 01:38:18
Tagged: politics thoughts

production ready

A few thoughts on what it means for software to be production ready. Or rather, what if any information is conveyed to me when I’m told that something is used in production. Millions of users can’t be wrong!

Some time ago, I worked with a framework. It doesn’t matter which, the bugs have all been fixed, and I don’t think it was remarkable. But our team picked it because it was production ready, and then I discovered it wasn’t quite so ready.

Egregious performance because of a naive N^2 algorithm for growing a buffer.

A timezone library that could handle DST, but couldn’t handle the absence of DST, as in it would crash in such exotic locales as Arizona that don’t have DST.

A mail library that didn’t escape dots, thus terminating the SMTP conversation early.

Continue reading production ready...

Posted 2016-11-11 20:11:29 by tedu Updated: 2016-11-11 20:11:29
Tagged: software thoughts


Hello there, inquisitive friend! I’m pleased to announce the newest Links As A Service offering. It’s called inks which is like links, but without the L for loser. Basically Reddit or Hacker News, but without the disagreeable trolls and military industrial complex shills downvoting everything to hide the truth.

Posted 2016-11-06 18:40:26 by tedu Updated: 2016-11-06 18:40:26
Tagged: project web

an enchanted forest fable

One day you wake up, infused with the entrepreneurial spirit. Enthused even. The time has come to bring forth your vision of a better future. You hike up the road to magic mountain to meet the wizard. Impressed with your spark, he gives you his blessing and so you go to work. Soon, your dream will become reality. Banana peeling as a service.

A few short months later, and you already have 101 customers. Growth is spectacular! Just like the wizard and his magic beans promised. Of course, 99 of those customers are fellow inhabitants of magic mountain and the other two are your mom and college roommate, but magic growth is magic growth.

A few long months later, and you still have 101 customers. But not to worry. Elsewhere on magic mountain there’s a deep fried burritos as a service dream become reality, and they actually have paying muggle customers. With only a tiny pivot, your banana peeling expertise can become burrito unwrapping expertise. You are a true master of the monad. And so, your incredible journey synergizes into theirs.

Some may ask why it was necessary to absorb an entire village of banana peelers instead of hiring a single burrito unwrapper, and why it was necessary to pay everyone so many millions of hexes, but that’s just quibbling. The council of elder wizards met under the moonlight and decided this was the happiest outcome for everyone.

The end.

Posted 2016-11-04 19:02:18 by tedu Updated: 2016-11-04 19:02:18
Tagged: business