Slashdot Mirror

← Back to Stories (view on slashdot.org)

5th Underhanded C Contest Now Open

Posted by CmdrTaco on from the i-c-what-you've-done-there dept.

Xcott Craver writes "The next Underhanded C Contest has begun, with a deadline of March 1st. The object of the contest is to write short, readable, clear and innocent C code that somehow commits an evil act. This year's challenge: write a luggage routing program that mysteriously misroutes a customer's bag if a check-in clerk places just the right kind of text in a comment field. The prize is a gift certificate to ThinkGeek.com."

17 of 162 comments (clear)

  1. Watch list? by girlintraining · · Score: 4, Funny

    This year's challenge: write a luggage routing program that mysteriously misroutes a customer's bag if a check-in clerk places just the right kind of text in a comment field.

    All participants will also receive complimentary cavity-searches at airport checkpoints.

    --
    #fuckbeta #iamslashdot #dicemustdie
    1. Re:Watch list? by w0mprat · · Score: 4, Funny

      This year's challenge: write a luggage routing program that mysteriously misroutes a customer's bag if a check-in clerk places just the right kind of text in a comment field.

      I am certain that this is already a feature of existing luggage routing software.

      --
      After logging in slashdot still does not take you back to the page you were on. It's been that way for 20 years.
    2. Re:Watch list? by markkezner · · Score: 5, Insightful

      Funny, but you've got a point. What would a potential employer think when, upon googling your name, they learn that you're so good at hiding malicious code that you won a contest for it. Would you hire that guy?

      It's not worth the $100 gift certificate.

      --
      Dangerous, sexy, turing complete: Femme Bots
    3. Re:Watch list? by Applekid · · Score: 4, Insightful

      Would you hire that guy?

      Definitely, but maybe for QA or as a Code Review consultant. Of course, I'm assuming that the winner of the contest would also be clever enough to detect hidden maliciousness in others' code.

      --
      More Twoson than Cupertino
  2. Wait a sec... by Anonymous Coward · · Score: 4, Funny

    | This year's challenge: write a luggage routing program that mysteriously misroutes a customer's bag if a check-in clerk places just the right kind of text in a comment field.

    What, we actually need to write code for something that happens by nature?

    1. Re:Wait a sec... by bcong · · Score: 4, Funny

      the current method of writing in:
      "Package Handler,
      Customer was an asshat...you know what to do"
      was starting to get noticed

  3. Re:Not fair! by fuzzyfuzzyfungus · · Score: 4, Funny

    Hardly. It is supposed to be "short, readable, clear and innocent". What are the odds that any of the airline production code meets that description?

  4. Re:Easy? by Anonymous Coward · · Score: 5, Informative

    *Way* more deceptive. The default value for the destination field? It's supposed to look innocent - an innocent program would note that you left out a destination and prompt you to enter one. Any basic debugging done by someone else would turn this up. What they want is for you to leave a "comment" like "this package is top-heavy" (in a field designed for such comments) that changes the destination, but in a way such that someone reading the source code wouldn't realize anything was happening at all much what that you were changing the destination. Also such that whoever entered the text wouldn't obviously be at fault.

  5. Contest or Job Posting? by Anonymous Coward · · Score: 5, Funny

    a luggage routing program that mysteriously misroutes a customer's bag

    sounds like Delta is looking for new programmers

    1. Re:Contest or Job Posting? by Sebilrazen · · Score: 4, Funny

      No, that challenge would have random 3 hour tarmac waits generated too.

      --
      "There are no facts, only interpretations." --Friedrich Nietzsche.
  6. I'm really impressed by troll8901 · · Score: 4, Informative

    I've read the entire blog, and I must say, I'm impressed. Very impressed. Very, very impressed.

    The person who writes the criteria knows what he's/she's writing about.

    And the winners who submit the results are really, really good.

    1. Re:I'm really impressed by troll8901 · · Score: 5, Interesting

      Here's some points I'd like to highlight, from the 2008 Winners.

      • Linus Akesson: The BYTESPERPIXEL macro "gives the false impression that the code intelligently supports higher bit widths" but actually "causes the 8-bit case to leak information into the file" (by exploiting a buffer overflow). ... (thus allowing wiped image data to be reconstructed.)
      • Avinash Baliga: The ExpectTrue macro overwrites the image mask (by exploiting a buffer overflow), allowing two bits to survive the wiping, (thus allowing wiped image data to be reconstructed). Furthermore, the evil behavior is concealed in an innocent-looking error checking macro.
      • John Meacham: (Winner) The code is "extremely simple, innocent, obvious" ... and devious. "Low-intensity pixels are replaced with a ‘0, and high-intensity pixels replaced with a ‘00 or a ‘000" ... (thus allowing wiped image data to be reconstructed.)

      All I can say is, Wow.

  7. Re:This sounds familiar to, by Anonymous Coward · · Score: 5, Funny

    I was going to say, don't forget Perl programmers, but then I remembered the legibility requirement.

  8. For extra points: by w0mprat · · Score: 4, Funny
    For extra points submit this to your favourite open source project and have it accepted into the main code release - since it appears to be prefectly geniune, compiles, and can do what it appears to - it's certainly possible. Finally demonstrate your backdoor when the project is released to the wild.

    If you manage to get this into the GNU/Linux Kernel, you get a job at the NSA.

    Write short, readable, perfectly innocent looking C code, that somehow commits an evil act under certain circumstances.

    --
    After logging in slashdot still does not take you back to the page you were on. It's been that way for 20 years.
  9. Totally opposite by SuperKendall · · Score: 4, Informative

    The true "Underhanded" program would be one that was perfectly readable, so readable in fact that you totally overlook the sneaky thing it was doing because what you think it's doing seems so clear.

    The ObsfuC contest is all about code that even after staring you can't tell what the heck is going on.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  10. Re:Easy? by Tyler+Durden · · Score: 4, Funny

    C motherfucker, do you speak it?!

    --
    Happy people make bad consumers.
  11. Write up of last entry by John+Meacham · · Score: 5, Informative

    I am the winner of the previous underhanded C contest. If anyone is interested, I wrote up a description of my entry on my blog here: http://notanumber.net/archives/54/underhanded-c-the-leaky-redaction

    It was a fun contest to enter and now I can shop at thinkgeek for silly gadgets without feeling guitly :)

    --
    http://notanumber.net/