FreeBSD is a popular free version of Unix, much like Linux. In April, the FreeBSD project released a security advisory warning that any logged-in user could gain full control of, or "root access" to, almost any machine running a version of FreeBSD released before the advisory. The cause was a bug in a program called keyinit. It is often useful for a program to be allowed to do things its invoker can't; the trouble starts when such a program can be steered into using that extra privilege on the invoker's behalf, which is what makes it a "confused deputy." In this month's bug report, Kragen Sitaker tells the story of this atypical confused deputy bug.
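The privilege-delegation point above is the general shape of a confused deputy: a program running with rights its invoker lacks, which can be tricked into spending those rights for the invoker. The C program below is an added illustration of that shape and of the standard mitigation; it was written for this column, is not the keyinit code or the FreeBSD fix, and makes no claim about what keyinit actually did. It assumes a hypothetical setuid-root "deputy" whose job is to append a line to a file named on the command line; the function names deputy_open_confused, deputy_open_as_invoker, deputy_append_line and deputy_selfcheck are ours.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Confused form (hypothetical deputy, not keyinit): a setuid-root program
 * opens whatever path the caller names.  The kernel checks the open against
 * the deputy's effective uid (root), so an unprivileged invoker can have the
 * deputy append to a file the invoker could never write directly. */
int deputy_open_confused(const char *path)
{
    return open(path, O_WRONLY | O_APPEND);
}

/* Hardened form: become the invoker (real uid) for the open so the kernel
 * applies the invoker's permissions, then restore the saved privilege for
 * whatever the deputy legitimately needs root for.  Checking access(2) first
 * would leave a time-of-check/time-of-use window; switching the effective uid
 * around the open itself does not.  Fails closed if privilege cannot be
 * regained.  When run unprivileged, seteuid(getuid()) is a no-op. */
int deputy_open_as_invoker(const char *path)
{
    uid_t privileged = geteuid();
    if (seteuid(getuid()) != 0)
        return -1;
    int fd = open(path, O_WRONLY | O_APPEND);
    int saved_errno = errno;
    if (seteuid(privileged) != 0) {
        if (fd >= 0)
            close(fd);
        return -1;
    }
    errno = saved_errno;
    return fd;
}

/* Append one line through an open descriptor; returns bytes written or -1. */
ssize_t deputy_append_line(int fd, const char *line)
{
    size_t len = strlen(line);
    if (write(fd, line, len) != (ssize_t)len)
        return -1;
    if (write(fd, "\n", 1) != 1)
        return -1;
    return (ssize_t)len + 1;
}

/* Self-check: exercise both openers on a fresh temp file (created here, so
 * the invoker owns it) and on a path that cannot exist, and confirm the
 * hardened opener leaves the effective uid as it found it.  Returns 0 on
 * success, otherwise the number of the step that failed. */
int deputy_selfcheck(void)
{
    char path[] = "/tmp/deputy-demo-XXXXXX";
    int tfd = mkstemp(path);
    if (tfd < 0)
        return 1;
    close(tfd);
    int step = 0;
    uid_t before = geteuid();
    int fd = deputy_open_as_invoker(path);
    if (fd < 0)
        step = 2;
    else if (geteuid() != before)
        step = 3;
    else if (deputy_append_line(fd, "hello") != 6)
        step = 4;
    if (fd >= 0)
        close(fd);
    if (step == 0) {
        fd = deputy_open_confused(path);
        if (fd < 0)
            step = 5;
        else
            close(fd);
    }
    if (step == 0 && deputy_open_as_invoker("/nonexistent-dir-xyz/file") != -1)
        step = 6;
    if (step == 0 && geteuid() != before)
        step = 7;
    unlink(path);
    return step;
}

int main(int argc, char **argv)
{
    if (argc == 1)
        return deputy_selfcheck();            /* no args: run the self-check */
    if (argc != 3) {
        fprintf(stderr, "usage: %s <file> <line>\n", argv[0]);
        return 2;
    }
    int fd = deputy_open_as_invoker(argv[1]);
    if (fd < 0) {
        perror(argv[1]);
        return 1;
    }
    int rc = deputy_append_line(fd, argv[2]) < 0 ? 1 : 0;
    close(fd);
    return rc;
}
```

Installed setuid root, the confused opener would let `./deputy /etc/passwd 'evil::0:0::/:/bin/sh'` succeed for any user; the hardened opener makes the same command fail with EACCES because the open is judged as the invoker. The self-check runs unprivileged and only shows that both paths behave identically when there is no privilege to confuse, which is exactly the point: the bug is invisible until the program is given rights its callers lack.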
A witch hunt is the search for whoever let those darned bugs out into the field. How do you stop a witch hunt? The best way is to refocus attention from "someone to blame" to "something to fix." If you focus on what in the process is causing the defects and discuss how to minimize or even eliminate the causes, you have a real chance to turn things around.
The challenge: With one week to go before release, the product still needs to be put through its paces. The test team: A few developers, a network engineer, a receptionist, an office manager, and a CTO. In this real-life story, Geordie Keitt explains how one dot-com employed some nontraditional testers to uncover the bugs in their new system.
Some of the nastiest bugs, and some of the juiciest, aren't easy to replicate. The author calls these "ghost" bugs: things we've seen but cannot conjure up again, and they leave us haunted with doubts about the system. In this Bug Report, Karen Johnson gives tips on how to replicate these apparitions.