CppCon 2018: Patricia Aas “Software Vulnerabilities in C and C++”



What does a vulnerability using signed integer overflow look like? Or a stack buffer overflow? How does code like this look and how can we change the way we program to reduce our risk? The first half of this talk will show examples of many different vulnerabilities and describe how these are combined to make the first steps of an exploit. Then we will discuss what kind of programming practices we can employ to reduce the chances of these kinds of bugs creeping into our code.

Patricia Aas, TurtleSec
Programmer

Patricia has been programming C++ professionally for 13 years. She started out working on the Opera desktop browser and has looped back to browser making in recent years, now working on the Vivaldi browser with many ex-Opera colleagues. While away from the browser world she did a stint as a Java consultant, coming back to C++ when working on embedded teleconference systems at Cisco. For the last couple of years she has begun doing public speaking, after only doing in-house speaking before. She is passionate about the tech industry and its impact on people's lives. Since January she has been active in the #include<C++> community, where she is one of the admins.


Comments

Fantastic job explaining the way exploits are written. Thanks!!

bobbymah

34:45, I once generated a dragon of a bug by cleverly compressing 2 lines into 1. It ended up with ?: inside ?:, I don't know how many times. I guess there were 8 cases, in which those ?: were wrong about 2 of them. Automated tests would have cleaned that easily.
38:37, could you give an example? I use old style enum _a lot_, and I don't get into trouble.

MrAbrazildo

Great introduction for a programmer audience.
What I didn't get is what is meant by not allocating via new. The solution can't be make_shared, since it's also on the "not to do list", malloc is a worse idea, as, I presume, is not allocating on the heap at all. Should we put everything in pre-allocated buffers :-)? Can anybody clarify?

firstnamelastname

Not something to be proud of but her claim at 30:20 is wrong: "Incorrect type conversion [...] something you can do in C and C++ that you can't do in other languages". Here is a D program that does the same:

struct A {}
struct B {}

void main() {
    auto a = new A();
    auto b = cast(B*)a;
}

alicehreli

"turtle sex" on the first slide?

youtou

Totally a waste of time, for the same subject watch Matthew Butler's talk.

tauicsicsics