Secure Coding mailing list archives

GCC and pointer overflows [LWN.net]

From: Jeremy.Epstein at softwareag.com (Epstein, Jeremy)
Date: Thu, 1 May 2008 13:00:34 -0400

Ken, a good example.  For those of you who want to reach much further
back, Paul Karger told me of a similar problem in the compiler (I don't
remember the language) used for compiling the A1 VAX VMM kernel, that
optimized out a check in the Mandatory Access Control enforcement, which
separates information of different classifications (*).  [For those not
familiar with it, this was a provably secure kernel on which you could
host multiple untrusted operating systems.  Despite what some young-uns
seem to think, VMs are not a new concept - they go back at least three
decades that I know of, and possibly longer.  The A1 VAX effort ended
roughly 20-25 years ago, to give a timeframe for this particular
compiler issue.]

--Jeremy

(*) At least that's what my memory tells me - if Paul is on this list,
perhaps he can verify or correct.

-----Original Message-----
From: sc-l-bounces at securecoding.org 
[mailto:sc-l-bounces at securecoding.org] On Behalf Of Kenneth Van Wyk
Sent: Thursday, May 01, 2008 9:14 AM
To: Secure Coding
Subject: [SC-L] GCC and pointer overflows [LWN.net]

FYI, here's an interesting article (and follow-on 
discussions) about a recent bug in the GCC compiler collection.

http://lwn.net/Articles/278137/

The bug, which has been documented in a CERT advisory, 
affects C code in which, under some circumstances, buffer 
bounds checking can be optimized out to produce binaries that 
are susceptible to buffer overflows.  The article includes a 
couple examples that really help illustrate the issue -- very 
interesting reading, IMHO.

Of course, many/most SC-Lers will no doubt jump on this as 
another example of why C is such a dangerous language to 
write (secure) code in, and that's fine.  But, I see the 
issue at least a little
differently: a compiler making decisions for the programmer 
and producing executable code that does not accurately 
conform to what the programmer coded.  We've all heard of 
security-related optimizing issues for years, right?  Well, 
here's a prime example of one in action.

Cheers,

Ken

-----
Kenneth R. van Wyk
KRvW Associates, LLC
http://www.KRvW.com

Current thread:

GCC and pointer overflows [LWN.net] Kenneth Van Wyk (May 01)
- GCC and pointer overflows [LWN.net] Robert C. Seacord (May 01)
- GCC and pointer overflows [LWN.net] der Mouse (May 01)
- GCC and pointer overflows [LWN.net] Epstein, Jeremy (May 01)
  - GCC and pointer overflows [LWN.net] ljknews (May 01)
  - GCC and pointer overflows [LWN.net] Leichter, Jerry (May 01)
    - GCC and pointer overflows [LWN.net] ljknews (May 01)