Do you like teapots? Fine, let us talk about the teapot currently orbiting the sun on the opposite side, so small, we cannot see it, but it is obviously there, ancient books and the elder says so. You do not believe me? Then where is your evidence for its not-existence? You cannot prove it? See: The teapot exist!
If it exists, it doesn't follow, that it is used for a tea, or in this case, that it has any military value over military satellites on the Earths orbit... even if it can disable sattelite, that doesn't follow that it is the best satellite disabler and that teapots function is exlusivelly to disable a satellite.
Sometimes stairs are just used as a stairs and there are no other functions for them, than just walk those steps up and down, up and down - every day.
Btw. as you can see in the figure about blood type distributions, »I am more likely to have a common blood type than a rare one"« is actually false. It is more likely to have any other type than A. But fair enough, neither of the blood types are very rare.
https://lwn.net/Articles/806776/ says, system-call-origin verification is for mitigation of ROP. ROP is (always?) a result of stack buffer overflows, which are a result of bad programming in asm/C/C++, but usually not a thing at all with modern languages like Go, Rust, Swift, Haskell, etc. while C/C++-programs usually use the libc already. This enforces programs written in such languages to use another layer, written in C, that is not really necessary but might introduce new vulnerabilities. Do I miss something?
The system call interface is usually written in an unsafe language such as asm anyways. Going through the libc is very unlikely to actually introduce vulnerabilities, especially if going through the lowest level function that directly wrap the syscall.
Not using the libc was always a risky proposition on BSDs anyways. They don't have a stable kernel ABI the same way the Linux kernel does. From OpenBSD's perspective, the stable ABI is the libc, and anything using the kernel ABI directly is liable for breakage with each update.
Geez man, way to take things out of context. Let me fix your quote:
> Going through the libc is very unlikely to actually introduce vulnerabilities, especially if going through the lowest level function that directly wrap the syscall.
Sure, glibc has a bunch of bugs. But the lowest level of functions, that just wrap the syscalls, are very unlikely to have bugs. Here's the `read` implementation, for instance:
All it does is delegate to the low-level syscall, with some extra handling around to handle async calls (which can be removed when compiling glibc yourself, but you're probably not doing this).
This one's written in asm, and you can't really simplify it all that much more.
All the functions that wrap the low-level syscalls are very hard to get wrong, really. Where the glibc bugs come from are the high-level functions, like pthread. But those can trivially be bypassed if necessary.
And where is the advantage then to have a `call syscall_wrapper` over `mov rax, syscall_number; syscall` if the ROP was able to return just before the call?
I wasn't making any claim on whether this mitigation is actually useful, I was simply stating it's unlikely to introduce more vulnerabilities than the status quo.
But since you're asking, I can think of two upsides:
1. It restricts the kernel attack surface available to only those syscalls that are exposed through the wrapper. (This is obviously dubious if the libc provides a generic syscall function, I don't know if OpenBSD libc has one).
2. It forces the ROP to either find the libc ASLR base, or to find a gadget that calls into the target libc function. This makes ROPs a lot harder to write.
As with any mitigations, they're mostly meant to make the attacker's life miserable. They're not full protections, and can often be bypassed. The point is to increase the cost of the attack.
The number of CVEs is for the most part a function of how-often-does-someone-look-at-it and only for a tiny part a function of safety. If I remember correctly, sometime ago a lot of CVEs appeared for OpenBSD, because someone seemed to have started looking for vulnerabilities and found a lot of quite trivial but severe ones. Therefore I am somewhat concerned about the the OpenBSD-libc, but neither have I looked at the code nor am I an expert. I see the point that the wrappers are probably safe, but yet the full libc is loaded and available for malicious code.
But to be fair: The libc is able to handle – either by caching or by implementing the functionality – some syscalls without actually invoking a syscall and such a library allows to have an unstable API for syscalls and might allow other mitigation tactics.
As a compromise: Why not multiple libraries (libc, libgo?, librs?) that are allowed to do syscalls? Yes, a larger code base to maintain but imho enforcing a single library is worse.
At least for rust, a librs would be hard to create due to the lack of a stable ABI. So even if you did a pure rust libstd (like the now defunct Steed[0]), you'd still need to either manually link that libc (breaking the mitigation), or rebuild your program each time the distro updates either libstd or the rust compiler.
I'm not sure what the situation for Go is. Assuming Go has proper support for dynamic loading and a stable ABI, it would be doable.
or Germany, where the only cost you might have is for the public transport ticket or something like that, and even this is often optional…I am actually curious why there are not so many students from the USA in German universities? Or is this due to language?
Foreign students usually don't fall under the same funding and have to pay full price, while EU citizens are entitled to the same level of support as localssl.
Which leads to fun times where English had to pay max UK rate at Scottish universities but EU citizens paid the same as Scots.
Except for Baden-Württemberg, which has tuitions for non-EU-students (1.5k€ per semester afaik), it is irrelevant whether you are German, EU-citizen or from somewhere else. The only tuitions you might have is for studying too long.
I assume this is because the US is not an EU member, so studying in Germany is not under the same conditions for them as for other EU members.
Also, Germany is somewhat difficult to navigate if you don't speak German, since you reach many roadblocks where people don't speak English (this is different in Denmark, but Denmark's nationalist party has abolished bachelor studies in English, so much for that).
Long time ago, I used PureBasic. It was easy to write simple GUI-applications with a bit of network stuff. But some day I had an issue and had to look at the assembly-output (it uses flat assembler as the backend) and saw something like `push eax` immediately `pop eax` and somehow I started to write stuff in fasm before I finally settled with rust. Yet I miss the simplicity of writing GUI-applications with pb in Rust.
