At least it wasn’t on a Web page with the warning “Beware of the leopard”


In my discussion of the effect of ASLR on DLL rebasing, I wondered how vtables and other function pointers were handled in position-independent code. Commenter kantos replied, "It appears from a cursory google search that…"

I wanted to find out more, so I did some searching but couldn't find anything, so I asked for help with that cursory search.

"It was GCC PIC C++ which didn't get me to the answer directly, I had to go through the SO question that was the second result to get to this document by Ulrich Drepper, and then skim through until page 29 where it describes what's done in the virtual table case."

Okay, so I had to issue a Google search, click the second result, then go to the second answer (not the accepted answer), click a link enigmatically called "the document referenced by 0x6adb015", download the resulting 45-page PDF, and read through to page 29.

This doesn't strike me as a "cursory search".

Related: The more times you use the word "simply" in your instructions, the more I suspect you don't know what that word means.

Comments (28)

  1. JAHA says:

    I’ve worked with a lot of people who say “basically…”…it’s usually either unnecessary, or wrong.

  2. kantos says:

    I’m not even going to try to defend this.

    1. warrens says:

      Hopefully you now understand that there’s no value in subcommunicating how easy it was for you to get the answer to a question. Nobody’s interested in hearing you brag about your cleverness…. all you have to do is answer, and provide a link to further details if it’s suitable.

      1. Darran Rowe says:

        I will point out one important thing. Just because kantos found finding what he wanted easy, it is a bit of a push to equate that to bragging about cleverness.
        I know that I also had this kind of habit where I would feel that if I could find something easily, then everyone should. This is your subjective view influencing how you see things, nothing more.

      2. Kevin says:

        When I use the phrase “cursory Google search,” I’m not trying to make myself look clever at all. I’m trying to communicate that I don’t actually know what I’m talking about (because I’m just parroting what Google told me).

        1. pc says:

          Yes; I suspect what is being attempted to be conveyed here is “I did some clicking around via search engines, and found some stuff that I’m copying here, but it was getting to be too much work to actually feel like I could become completely informed on the topic.” That is, saying “cursory” was precisely *because* it was looking like the research wasn’t simple, and thus one didn’t feel like it was an exhaustive search.

          Now, “cursory” may not be the best word to convey that concept. It’s trying to emphasize “here’s what I can find after only a few minutes of research”, rather than “it will only take a few minutes of research”. I’m not sure what a better single-word choice would be offhand.

          Communication is difficult.

          1. Yeah, that’s how I interpreted kantos’ comment.

  3. skSdnW says:

    And 0x6adb015’s answer is not visible to most people because it was deleted, so at least you got lucky that somebody edited their visible answer to include that link.

  4. Andrew says:

    In this context, a web reply, “it appears” and “cursory” are not intended to be literal but as disclaimers (IMHO).

  5. DWalker07 says:

    Well, kantos could have said “After a tricky google search, I found…”

  6. Alex Guteniev says:

    Tags Non-Computer.

  7. Chris says:

    At least it wasn’t on the second page (or higher) of the google results.

  8. pm100 says:

    For those not aware, the leopard reference comes from The Hitchhiker’s Guide to the Galaxy. https://www.goodreads.com/quotes/40705-but-the-plans-were-on-display-on-display-i-eventually

  9. Well, perhaps, you’d have felt differently about what a “cursory web search” is if you had tried researching the notability of a subject for Wikipedia, which entails finding “significant coverage in reliable secondary sources that are independent of the subject itself.”

    In comparison, yes, that DOES strike as cursory to ME.

    1. Matt Denham says:

      Eh, that just invokes the humorous misdefinition of “cursory” as “something that makes you curse at it a lot”.

      1. cheong00 says:

        Oh, we also use this meaning here too. :P

  10. Joshua says:

    One of these days it’s going to be “simply” run this 300-character command with admin rights; where it turned out the guy’s idea of simple was copy the command and paste it into an admin command prompt.

    Yes, that is simple to do. No, knowing to do it is not simple unless someone tells you.

    1. Dave says:

      >One of these days it’s going to be “simply” run this 300-character command

      I think you’re in the wrong forum, Unix issues are discussed on a different blog.

      1. cheong00 says:

        Btw, I know lots of folks who count everything that can be done in a single liner as “simple”, no matter how many actual lines you combine with “;” and “{}”.

        So, by this definition, most minified JavaScript is “simple”.

  11. haltiamreptar says:

    When I studied thermodynamics in the dark ages we used a textbook from the ambitiously named “Course in Theoretical Physics” by Landau and Lifshitz, translated from the original Russian. When they said it was easy to show how you got from one equation to the next, you knew you were in for a world of pain trying to replicate their results, and our instructor took perverse pleasure in asking us to do so!

    1. alegr1 says:

      …colloquially referred to as Landaftshitz

  12. poizan42 says:

    > This option only makes sense for shared libraries and you’re telling the OS you’re using a Global Offset Table, GOT. This means all your address references are relative to the GOT, and the code can be shared across multiple processes.

    It also ensures that the main executable isn’t subject to ASLR, so yes please keep telling people that so we can always find us some good ROP gadgets at a known address for any not completely trivial program.

    Sincerely Yours
    – All the blackhats in the world

    1. Joshua says:

      Considering the platforms that support it I think a pointer to the GOT is in a register, which means ASLR works but once you get code running …

      1. poizan42 says:

        Once you have code running you have already defeated ASLR…

    2. kme says:

      There’s a separate option -fpie for the main executable.

  13. mikeb says:

    So, is this how a thermonuclear device says, “Thanks for the pointer, kantos”?

  14. Ted Spence says:

    Esoteric Hitchhikers references are the spice of life.

  15. Lou Kittup says:

    In my mind, “cursory” implies “quick, or simple, and sufficient”, and is enough to justify what follows.

    – “That is, saying “cursory” was precisely *because* it was looking like the research wasn’t simple, and thus one didn’t feel like it was an exhaustive search.”
    Then “cursory” is not the right word, because the research was not simple or sufficient.

    – “When I use the phrase “cursory Google search,” I’m not trying to make myself look clever at all. I’m trying to communicate that I don’t actually know what I’m talking about ”
    Using “cursory” does not communicate “I don’t know what I am talking about”. Better to use a word that does not imply “sufficient”. Even better, if one does not know what they are talking about, simply say nothing.

    – ““it appears” and “cursory” are not intended to be literal but as disclaimers ”
    “Cursory” is not a disclaimer, it is a qualifier, it implies that something can be done quickly, and sufficiently.
