GCC 12 Ready To Help Fend Off Trojan Source Attacks


  • #11
    Originally posted by coder
    Since C is the basis for so many modern languages, it's worth the time and effort to gain some familiarity with it. Also, it could give you a little more insight into the hardware or various things about UNIX, since C was created as a portable alternative to assembly language and then used to write a portable operating system (i.e. UNIX). Perhaps a couple things about UNIX will make more sense, when seen through the eyes of a C programmer.
    Yeah, beautiful UNIX design like umount, creat, BUFSIZ.



    • #12
      Well, that's a shame. I was looking forward to seeing what the International Obfuscated C Code Contest (https://www.ioccc.org) did with this.



      • #13
        With Visual Studio and VS Code you are protected against trojan source, but not with Atom, gedit or GNOME Builder.



        • #14
          Originally posted by stormcrow

          Without input checking on the variable that's being fed to %s it could potentially be disastrous. This is the kind of thing that launched a thousand DOS conditions. It's probably the same problem Apple ran into with their OS(es) and a DOS condition with specially crafted WIFI SSIDs.

          Example, let's say the output of the printf("%s\n") the variable contains improperly checked input from unknown users and is fed to a pipe. The piped command then executes whatever it's fed with an immediate enter. That's kinda out there, but the prevalence of piped output as unverified input is pretty common either on the shell prompt or in scripts. I don't know if that's what you're looking for.
          It's personal and I'm only passing on variables like "1" and "/dev/disk/by-id". It's just my lazy way to not have to remember to add a /n whenever I printf so I don't end up with a "Well, you're supposed to be on a new line" issue when I run a script.

          The kick in the nuts was the day before when I realized that I over-complicated things and that it was better to start over.
