The Art of Code Review and the Looney Tunes Vulnerability
Details

In this workshop we will be taking a deep dive into the anatomy of a real-world, serious vulnerability that came to light in October this year. The flaw occurs deep in the GLIBC code that is responsible for finding and loading shared libraries, meaning it is used by every Linux application!
You will be playing the role of code reviewer, responsible for ensuring good code quality. Reviewing is a different skill from coding, and an under-appreciated one. We will be using this vulnerability to learn some effective code review techniques. What questions and requests should you be asking to make sure this flaw doesn't see the light of day?
Some experience in C/C++ programming will be required as we'll be staring at classic C doing pointer manipulation. And you will need access to a laptop to follow along because, although the code is only 80 lines long, that is too big to show on a screen.
Agenda:
18:00 - 18:30 Arrival, intros and social
18:30 - 20:20 Code Reviewing the Looney Tunes Vulnerability Workshop
20:20 - 20:30 Wrapping up
As usual, please try to arrive by 18:30 or let us know in advance if you're running late.
