Slashdot Mirror


5th Underhanded C Contest Now Open

Xcott Craver writes "The next Underhanded C Contest has begun, with a deadline of March 1st. The object of the contest is to write short, readable, clear and innocent C code that somehow commits an evil act. This year's challenge: write a luggage routing program that mysteriously misroutes a customer's bag if a check-in clerk places just the right kind of text in a comment field. The prize is a gift certificate to ThinkGeek.com."

6 of 162 comments

  1. Re:Easy? by Anonymous Coward · · Score: 5, Informative

    *Way* more deceptive. The default value for the destination field? It's supposed to look innocent - an innocent program would note that you left out a destination and prompt you to enter one. Any basic debugging done by someone else would turn this up. What they want is for you to leave a "comment" like "this package is top-heavy" (in a field designed for such comments) that changes the destination, but in a way such that someone reading the source code wouldn't realize anything was happening at all, much less that you were changing the destination. Also such that whoever entered the text wouldn't obviously be at fault.

  2. Contest or Job Posting? by Anonymous Coward · · Score: 5, Funny

    a luggage routing program that mysteriously misroutes a customer's bag

    sounds like Delta is looking for new programmers

  3. Re:This sounds familiar to, by Anonymous Coward · · Score: 5, Funny

    I was going to say, don't forget Perl programmers, but then I remembered the legibility requirement.

  4. Re:Watch list? by markkezner · · Score: 5, Insightful

    Funny, but you've got a point. What would a potential employer think when, upon googling your name, they learn that you're so good at hiding malicious code that you won a contest for it? Would you hire that guy?

    It's not worth the $100 gift certificate.

    --
    Dangerous, sexy, turing complete: Femme Bots

  5. Re:I'm really impressed by troll8901 · · Score: 5, Interesting

    Here's some points I'd like to highlight, from the 2008 Winners.

    • Linus Akesson: The BYTESPERPIXEL macro "gives the false impression that the code intelligently supports higher bit widths" but actually "causes the 8-bit case to leak information into the file" (by exploiting a buffer overflow). ... (thus allowing wiped image data to be reconstructed.)
    • Avinash Baliga: The ExpectTrue macro overwrites the image mask (by exploiting a buffer overflow), allowing two bits to survive the wiping, (thus allowing wiped image data to be reconstructed). Furthermore, the evil behavior is concealed in an innocent-looking error checking macro.
    • John Meacham: (Winner) The code is "extremely simple, innocent, obvious" ... and devious. "Low-intensity pixels are replaced with a ‘0’, and high-intensity pixels replaced with a ‘00’ or a ‘000’" ... (thus allowing wiped image data to be reconstructed.)

    All I can say is, Wow.

  6. Write up of last entry by John Meacham · · Score: 5, Informative

    I am the winner of the previous underhanded C contest. If anyone is interested, I wrote up a description of my entry on my blog here: http://notanumber.net/archives/54/underhanded-c-the-leaky-redaction

    It was a fun contest to enter and now I can shop at thinkgeek for silly gadgets without feeling guilty :)

    --
    http://notanumber.net/