Hackers' Pub

Syntax	Description	Examples
`"` keyword `"`	Finds the string within quotes, including spaces. Case-insensitive. (Escape quotes inside with `\"`)	`"Hackers' Pub"`
`from:` handle	Finds content written by the specified user.	`from:hongminhee` `from:hongminhee@hollo.social`
`lang:` ISO 639-1	Finds content written in the specified language.	`lang:en`
`#` tag	Finds content with the specified tag. Case-insensitive.	`#HackersPub`
condition condition	Finds content that satisfies both conditions on either side of the space (logical AND).	`"Hackers' Pub" lang:en`
condition `OR` condition	Finds content that satisfies at least one of the conditions on either side of the OR operator (logical OR).	`#HackersPub OR "Hackers' Pub" lang:en`
`(` condition `)`	Combines the operators within the parentheses first.	`(#HackersPub OR "Hackers' Pub" OR "Hackers Pub") lang:en`

Robert Thau @rst@mastodon.social

3/21/2026, 2:50:23 AM

Public

@lcamtuflcamtuf This code has a lot of problems. Like the race vuln in /bin/mkdir.

In pdp-11 Unix, mkdir was a suid-root program that did a mknod to create the directory, and then a chown to change its ownership to other-than-root. But something else could rename the directory after the mknod, and replace it with a link to, e.g., /etc/passwd, which would then get chowned.

On later versions with ^Z job control, a ^Z on mkdir had good odds of catching it between the two syscalls; no code required.

If you have a fediverse account, you can quote this note from your own instance. Search https://mastodon.social/users/rst/statuses/116264889471897485 on your instance and quote it. (Note that quoting is not supported in Mastodon.)