Re: in an object oriented world
Hi,
On Fri, Jan 26, 2024 at 8:46 AM songbird wrote:
>
> John Hasler wrote:
> > songbird writes:
> >> any process which does not respond should be thus cast into the outer
> >> darkness of the bits and never to return (aka a virus or unauthorized
> >> program).
Q: Is JavaScript sourced from who knows where on the Internet
considered an unauthorized program?
If no, have you heard of "malvertising"?
> > Malware can lie. A virus can infect an authorized program and use its
> > credentials.
>
> objects are only created by authorized calls to other
> objects so there is no pathway to infect if done correctly.
I hate it when someone blithely tosses off that "if done correctly"
nonsense - ignoring the last 60+ years of computer history that shows
people more often than not CANNOT actually "do it correctly."
I came across this recently
https://thephd.dev/c-undefined-behavior-and-the-sledgehammer-guideline
TL;DR: undefined behavior yields incorrect behavior

    if (i >= 0 && i < sizeof(tab)) {
        printf("tab[%d] looks safe because %d is between [0:%d]\n",
               i, i, (int)sizeof(tab));
        return tab[i];
    }

doesn't actually verify that i is always within limits.
$ cat bad-behavior.c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

uint8_t tab[0x1ff + 1];   /* 512-entry table */
int safe = 0;             /* set from argv[1]: "safe" enables the overflow check */

uint8_t f(int32_t x)
{
    if (x < 0)
        return 0;
    if (safe) { /* do a valid overflow check */
        if ((INT32_MAX / 0x1ff) <= x) {
            printf("overflow prevented!\n");
            return 0;
        }
    }
    int32_t i = x * 0x1ff / 0xffff;
    /* signed integer overflow yields undefined behavior */
    if (i >= 0 && i < sizeof(tab)) {
        printf("tab[%d] looks safe because %d is between [0:%d]\n",
               i, i, (int)sizeof(tab));
        return tab[i];
    }
    return 1;
}

int main(int argc, char **argv)
{
    if (argc < 3) {
        fprintf(stderr, "usage: %s safe|unsafe <number>\n", argv[0]);
        return 2;
    }
    memset(tab, 0, sizeof(tab));
    if (strcmp(argv[1], "safe") == 0) safe = 1;
    return f(atoi(argv[2]));
}

/*
 * https://thephd.dev/c-undefined-behavior-and-the-sledgehammer-guideline
 *
 * gcc -O2 -o bad.exe bad-behavior.c
 * ./bad unsafe 50000000
 * tab[62183] looks safe because 62183 is between [0:512]
 */
$ gcc -O2 -o bad.exe bad-behavior.c
$ ./bad unsafe 50000000
tab[62183] looks safe because 62183 is between [0:512]
$ ./bad safe 50000000
overflow prevented!
> if you do not allow random objects to be created that
> are not verified and vetted then there are no viruses.
That sounds so very easy. Not so easy to do in practice, but it sure
_sounds_ easy enough.
> note, i'm just kicking this around and wondering if it
> really would be possible.
I'd vote for possible but improbable.
Regards,
Lee
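An added companion to the bad-behavior.c above (my code, not Lee's and not from the thephd.dev post): the same index computation written so the overflow either cannot happen or is detected, plus the two wrapped values that the undefined version can turn into. The names safe_index, safe_index_builtin, wrapped_* and TAB_SIZE are my own; __builtin_mul_overflow assumes gcc or clang.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define TAB_SIZE 0x200u   /* 512 entries, same size as tab[] above */

/* The same index computation with the overflow made impossible: widen
 * to 64 bits so (int64_t)x * 0x1ff cannot overflow, then do one unsigned
 * range check. Reports failure instead of silently indexing past tab. */
bool safe_index(int32_t x, size_t *out)
{
    if (x < 0)
        return false;
    int64_t i = (int64_t)x * 0x1ff / 0xffff;
    if (i < 0 || (uint64_t)i >= TAB_SIZE)
        return false;
    *out = (size_t)i;
    return true;
}

/* Same check keeping int32_t arithmetic, but asking the compiler (gcc or
 * clang builtin) to report the overflow rather than leave it undefined. */
bool safe_index_builtin(int32_t x, size_t *out)
{
    int32_t prod;
    if (x < 0 || __builtin_mul_overflow(x, 0x1ff, &prod))
        return false;
    int32_t i = prod / 0xffff;          /* prod >= 0, so i >= 0 */
    if ((size_t)i >= TAB_SIZE)
        return false;
    *out = (size_t)i;
    return true;
}

/* What the hardware produces for x = 50000000 once the product wraps.
 * Unsigned arithmetic wraps modulo 2^32 by definition, so these are the
 * well-defined way to see what the undefined signed version can become. */
int32_t wrapped_signed_index(int32_t x)
{
    /* 50000000 * 0x1ff wraps to 4075163520, i.e. -219803776 as int32_t
     * (two's complement reinterpretation); dividing gives -3353 */
    return (int32_t)((uint32_t)x * 0x1ffu) / 0xffff;
}

uint32_t wrapped_unsigned_index(int32_t x)
{
    /* the same wrapped product divided as unsigned gives 62183, the
     * index printed by the -O2 build in the session above */
    return (uint32_t)x * 0x1ffu / 0xffffu;
}
```

Neither wrapped value passes the checked versions, which is the whole point: once the multiply is allowed to overflow, the later `i >= 0 && i < sizeof(tab)` test is reasoning about a value the compiler was told could never exist.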