Slashdot Mirror


Underhanded C Contest announces winners

Matthew Skala writes "The 2005 Underhanded C Contest has announced its winners: the team entry from M Joonas Pihlaja and Paul V-Khuong, and the solo entry from Natori Shin. The contest (which appeared on Slashdot in June) tests programmers' ability to hide malicious behaviour in innocent-seeming code, making it a kind of evil shadow twin to the International Obfuscated C Contest."

12 of 150 comments

  1. Re:I'm still fond of this one by Anonymous Coward · · Score: 5, Informative

    This one almost made it into the Linux kernel.

    It *did* make it into the kernel for anyone using the BK-to-CVS gateway.

  2. Re:Will Code For Beer by jkfresh · · Score: 2, Informative

    It's not really funny if you are an alcoholic.

    http://www.aa.org/

  3. Runtime code generation by pkhuong · · Score: 4, Informative

    The CLR does JIT (or, at least, runtime) compilation. A common way to do so is to output the machine code on the stack. W^X usually breaks programs that do runtime code generation. Now, this is a WAG, but that's where my money's at.

    --
    Try Corewar @ www.koth.org - rec.games.corewar
    1. Re:Runtime code generation by ultranova · · Score: 2, Informative

      Who in the world generates code to the stack? Compiling code is expensive, so you want to cache it, that is, keep it around for a while, which means putting it on the heap.

      Well, you could make the compile function recursive. That is, compile a single method, then run it, and if it calls (at runtime) any other methods that haven't been compiled yet, call the compile function iteratively, passing a pointer to the point in stack where the code was executing.

      So how do you figure out which methods are compiled and where they are located? Simple - you implement a linked list entirely on stack. Simply have another function, which allocates a single element in the stack, links it to the previous one, and then calls the compiler function, giving it a pointer to tell where it left (passed by the compiler function to the datastore function). Of course, you'd also need to pass the pointer to the start of the list as a parameter to all of these functions...

      Anyway, the point is that it would be horrendously complicated, it would be horrendously inefficient, it would be extremely easy to break unintentionally, and it would make implementing security features difficult for the aforementioned reasons - but it would be possible. In other words, it's just the way Microsoft would do it ;).

      Real fun begins if you want to allocate all the objects generated by the runtime on stack too...

      --

      Forget magic. Any technology distinguishable from divine power is insufficiently advanced.

  4. Re:I'm still fond of this one by jnf · · Score: 5, Informative

    To anyone who makes a routine of putting their constants on the left hand side of the expression, that becomes not very hard to notice .. although intermixed with several megabytes of source it becomes less obvious. What I mean is: if (( (__WCLONE|__WALL) == options && 0 = current->uid)) will throw an error, whereas 0 == current->uid will not.
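
The check discussed in the comment above, as an added example (not part of the original comment and not kernel code): the assignment form beside the constant-on-the-left comparison, plus a small regression test that flags a permission check which modifies the uid it inspects. The struct, constants and function names are hypothetical stand-ins.

```c
#include <stdio.h>

/* Constructed stand-ins: names and values are illustrative only,
 * not the kernel's definitions. */
#define DEMO_WCLONE 0x80000000u
#define DEMO_WALL   0x40000000u
#define DEMO_EINVAL 22
#define DEMO_BOTH   (DEMO_WCLONE | DEMO_WALL)

struct demo_task { unsigned int uid; };   /* hypothetical "current" */
typedef int (*check_fn)(unsigned int, struct demo_task *);

/* Assignment form: (t->uid = 0) stores 0 and evaluates to 0, so the
 * branch is never taken, yet the task's uid has been overwritten. */
int check_assign(unsigned int options, struct demo_task *t)
{
    int retval = 0;
    if ((options == DEMO_BOTH) && (t->uid = 0))
        retval = -DEMO_EINVAL;
    return retval;
}

/* Constant-on-the-left comparison: no side effect on uid. Mistyping
 * it as `0 = t->uid` cannot compile, because 0 is not an lvalue. */
int check_compare(unsigned int options, struct demo_task *t)
{
    int retval = 0;
    if ((DEMO_BOTH == options) && (0 == t->uid))
        retval = -DEMO_EINVAL;
    return retval;
}

/* Regression check: a permission predicate must never change the
 * credential it inspects, whatever option combination is passed. */
int preserves_uid(check_fn fn, unsigned int uid)
{
    const unsigned int opts[] = { 0, DEMO_WCLONE, DEMO_WALL, DEMO_BOTH };
    for (size_t i = 0; i < sizeof opts / sizeof opts[0]; i++) {
        struct demo_task t = { uid };
        fn(opts[i], &t);
        if (t.uid != uid)
            return 0;
    }
    return 1;
}

int main(void)
{
    printf("assign preserves uid:  %d\n", preserves_uid(check_assign, 1000));
    printf("compare preserves uid: %d\n", preserves_uid(check_compare, 1000));
    return 0;
}
```
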

  5. Re:Important contest by Anonymous Coward · · Score: 2, Informative
  6. Re:Will Code For Beer by anagama · · Score: 3, Informative

    Actually, what you describe is "positive punishment" (apply negative stimulus in the presence of a certain behavior -- like a spanking for swearing). "Positive" is not used in the "good/bad" sense, but in the "plus/minus" sense.

    Negative reinforcement is a reward that occurs by subtracting an adverse stimulus from the environment. For example, Fridays are a form of negative reinforcement -- the withdrawal of a negative stimulus (work) is rewarding, makes people feel good/relieved, and thus, people come to really like Friday afternoons. http://en.wikipedia.org/wiki/Reinforcement#Positive_vs._negative

    --
    What changed under Obama? Nothing Good
  7. Re:I'm still fond of this one by Tim+C · · Score: 3, Informative

    It's not that assignments aren't allowed in if statements, but that Java has boolean types. So while a statement like i = 0 does return 0 (as in C), unlike C 0 is not false, it's an int, and so if (0) is a compile time error.

    You can still do things like if ((line = in.readLine()) == null) of course

  8. Re:Important contest by BobaFett · · Score: 2, Informative

    The register article is a bit alarmist, at least compared to the response Linus gives in this thread: http://www.ussg.iu.edu/hypermail/linux/kernel/0311.0/0621.html

  9. Ken Thompson... by Sam+Nitzberg · · Score: 4, Informative

    It's not exactly the same thing, but the most powerful and clever C code example with an 'underhanded' purpose must be Ken Thompson's classic...

    Reflections on Trusting Trust
    http://www.acm.org/classics/sep95/

    Other interesting papers that come to mind include Tom Duff's on Unix viruses, as well as McIlroy.

    Sam

    sam @ iamsam.com
    http: /www . iamsam . com

  10. Re:Bill Gates Entry by homesteader · · Score: 2, Informative

    This may very well be due to a bug in McAfee VirusScan 8.0i, assuming that is what you are running. There was a bug fixed by Patch 6, I think. Patches are cumulative, so you can just apply Patch 11 and the problem should be fixed.

    Patches are not available from the public download location. You may need to have a support contract to get them.

  11. Re:I'll tell you what's underhanded by Threni · · Score: 2, Informative

    Most of the archive (in .tar format) is a picture of a train. I don't understand. Why not just post the results as text on an HTML page? Too easy?