Formaggio makes Fromaggio out of VxWorks
Come on Reg
Canadian security researcher Yannick Formaggio has detailed a significant flaw in VxWorks, the real-time operating system (RTOS) made by Intel subsidiary Wind River. Speaking at the 44CON event made famous last week, Formaggio detailed how an integer overflow mess allows remote code execution in the operating system. Formaggio …
Edge conditions need to be in unit tests. So yeah, the initial phase of that testing is on the same person. Incompleteness of those tests should be caught in code review.
If it makes it past those two steps, then it's on the testers. But depending solely on QA is itself a bad practice.
"There are dedicated "testers" for that who don't actually program."
Non-programmers trying to test code. Gee, I wonder why so many commercial products are bug-ridden.
"Mashing these two activities up into single person is not good practice. At all."
Who said anything about "single person", DAM? Peer review works. Always has, always will.
My thought precisely.
The data link speed would require an excruciatingly slow buffer overflow.
The only way to exploit it is if the Martians have compatible hardware to overflow it, with the specialized string.
What is a race condition in a bounds checking routine?
.. in miniture anyway. I worked/was employed/went there on a daily basis at Windriver when those rovers were made. Windriver USA made (without checking with NASA) a whole load of RC miniture rovers with NASA and Windriver logos.
NASA pitched a bit of a fit about unauthorised use of their logo and so the minitures never got sold - instead we were allowed to take away a couple each on the strict understanding that we didn't *ever* try to sell them..
I gave one to my nephew and kept one - both (as far as I know) still in their original boxes.
Quite a few domestic routers use VxWorks, the venerable WRT-54G for example was one where the switch from linux to VxWorks garned a fair bit of publicity, and the 54GL was created to keep hackers happy.
I now wonder how many consumer devices there are on the internet potentially at risk to these vulnerabilities
Biting the hand that feeds IT © 1998–2019