Slashdot Mirror

← Back to Stories (view on slashdot.org)

Underhanded C Contest announces winners

Posted by CmdrTaco on from the games-people-play dept.

Matthew Skala writes "The 2005 Underhanded C Contest has announced its winners: the team entry from M Joonas Pihlaja and Paul V-Khuong, and the solo entry from Natori Shin. The contest (which appeared on Slashdot in June) tests programmers' ability to hide malicious behaviour in innocent-seeming code, making it a kind of evil shadow twin to the International Obfuscated C Contest."

4 of 150 comments (clear)

  1. good to see by garat · · Score: 5, Insightful

    Having a contest like this has similar positive aspects as full disclosure concerning vulnerabilities; by providing examples of how it's done, people will be better able to spot such attempts were they to occur. I'm happy to see this contest being held.

    --
    Support alternatives to Paypal: http://www.e-gold.com
  2. Making Wrong Code Look Wrong by lelkes · · Score: 3, Insightful

    It would be extremely important to use coding standards which make wrong code look wrong. Not only that it would be more difficult to inject malicious code, but if somebody made mistakes, it would be really easy to discover it.
    Joel has a great article on this.

  3. Re:Runtime code generation by nothings · · Score: 3, Insightful

    Who in the world generates code to the stack? Compiling code is expensive, so you want to cache it, that is, keep it around for a while, which means putting it on the heap.

  4. Re:I'm still fond of this one by ipfwadm · · Score: 3, Insightful

    And the attempted backdoor in question put the parens around the assignment, thus avoiding the warning.