Re: in an object oriented world
Hi,
On Fri, Jan 26, 2024 at 8:46 AM songbird wrote:
>
> John Hasler wrote:
> > songbird writes:
> >> any process which does not respond should be thus cast into the outer
> >> darkness of the bits and never to return (aka a virus or unauthorized
> >> program).
Q: Is JavaScript sourced from who knows where on the Internet
considered an unauthorized program?
If no, have you heard of "malvertising"?
> > Malware can lie.  A virus can infect an authorized program and use its
> > credentials.
>
>   objects are only created by authorized calls to other
> objects so there is no pathway to infect if done correctly.
I hate it when someone blithely tosses off that "if done correctly"
nonsense - ignoring the last 60+ years of computer history that shows
people more often than not CANNOT actually "do it correctly."
I came across this recently
  https://thephd.dev/c-undefined-behavior-and-the-sledgehammer-guideline
TL;DR: undefined behavior yields incorrect behavior
    if (i >= 0 && i < sizeof(tab)) {
        printf("tab[%d] looks safe because %d is between [0:%d]\n",
               i, i, (int)sizeof(tab));
        return tab[i];
    }
doesn't actually verify that i is always within limits.
$ cat bad-behavior.c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

uint8_t tab[0x1ff + 1];
int safe = 0;

uint8_t f(int32_t x)
{
    if (x < 0)
        return 0;
    if (safe) { /* do a valid overflow check before multiplying */
        if ((INT32_MAX / 0x1ff) <= x) {
            printf("overflow prevented!\n");
            return 0;
        }
    }
    /* signed integer overflow yields undefined behavior: the compiler
     * is free to assume x * 0x1ff never wraps, so the range check below
     * no longer guards the wrapped value of i that is actually used */
    int32_t i = x * 0x1ff / 0xffff;
    if (i >= 0 && i < sizeof(tab)) {
        printf("tab[%d] looks safe because %d is between [0:%d]\n",
               i, i, (int)sizeof(tab));
        return tab[i];
    }
    return 1;
}

int main(int argc, char **argv)
{
    if (argc < 3) {
        fprintf(stderr, "usage: %s safe|unsafe <number>\n", argv[0]);
        return 2;
    }
    memset(tab, 0, sizeof(tab));
    if (strcmp(argv[1], "safe") == 0) safe = 1;
    return f(atoi(argv[2]));
}
/*
 * https://thephd.dev/c-undefined-behavior-and-the-sledgehammer-guideline
 *
 * gcc -O2 -o bad bad-behavior.c
 * ./bad unsafe 50000000
 * tab[62183] looks safe because 62183 is between [0:512]
 */
$ gcc -O2 -o bad.exe bad-behavior.c
$ ./bad unsafe 50000000
tab[62183] looks safe because 62183 is between [0:512]
$ ./bad   safe 50000000
overflow prevented!
>   if you do not allow random objects to be created that
> are not verified and vetted then there are no viruses.
That sounds so very easy.  Not so easy to do in practice, but it sure
_sounds_ easy enough.
>   note, i'm just kicking this around and wondering if it
> really would be possible.
I'd vote for possible but improbable.
Regards,
Lee
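For comparison, here is the same index computation written so that no signed overflow can ever be evaluated. This is an added example of my own, not code from the thread or from the linked article; the names scaled_index, scaled_index_checked, lookup and TAB_SIZE are mine, and __builtin_mul_overflow assumes GCC or Clang.

```c
#include <stdint.h>
#include <stdio.h>

#define TAB_SIZE (0x1ff + 1)   /* same 512-byte table as bad-behavior.c */
static uint8_t tab[TAB_SIZE];

/* Form the product in 64 bits, where 0x1ff * INT32_MAX cannot overflow,
 * and range-check the result before it is ever used as an index.
 * Returns -1 for any x that does not map into tab. */
int scaled_index(int32_t x)
{
    if (x < 0)
        return -1;
    int64_t i = (int64_t)x * 0x1ff / 0xffff;   /* defined for every int32_t x */
    if (i >= TAB_SIZE)
        return -1;
    return (int)i;
}

/* Same contract, using the compiler's checked multiply (GCC/Clang):
 * an overflowing product is reported as a flag instead of being undefined. */
int scaled_index_checked(int32_t x)
{
    int32_t prod;
    if (x < 0 || __builtin_mul_overflow(x, 0x1ff, &prod))
        return -1;
    int32_t i = prod / 0xffff;
    return i < TAB_SIZE ? i : -1;
}

/* The lookup only touches tab[] with an index both helpers agreed on. */
uint8_t lookup(int32_t x)
{
    int i = scaled_index(x);
    return i < 0 ? 0 : tab[i];
}

int main(void)
{
    int32_t samples[] = { -1, 65535, 65664, 50000000 };
    for (size_t k = 0; k < sizeof(samples) / sizeof(samples[0]); k++)
        printf("x=%d -> index %d / checked %d\n", samples[k],
               scaled_index(samples[k]), scaled_index_checked(samples[k]));
    return 0;
}
```

Building the original bad-behavior.c with -fsanitize=undefined makes the compiler report the signed overflow at run time instead of silently reasoning it away.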