how can memory safe code STOP HACKERS?

preview_player
Показать описание

Memory safety is something that we all can't just continue to ignore. But first, before we care about memory, safety, what does that even mean? Is C a memory safe language? Is Rust? How can we count on our code to do what we tell it.

In this video we'll discuss what memory safety is, some violations of memory safety, and how other languages make it better.

🏫 COURSES 🏫

🔥🔥🔥 SOCIALS 🔥🔥🔥
  1. Low Level
  2. c programming
  3. c programming
  4. rust
  5. rust vs c
  6. rust vs go
Рекомендации по теме
how can memory 0:07:43

how can memory safe code STOP HACKERS?

Breaking Rust’s memory 0:04:37

Breaking Rust’s memory safety with 1 line of code

Can C be 0:00:51

Can C be Memory Safe?

Explaining memory safety 0:05:16

Explaining memory safety

How rust forces 0:06:01

How rust forces you to respect memory

how can memory 0:06:23

how can memory safe code stop hackers

Memory Safe Languages 0:23:42

Memory Safe Languages DO NOT PREVENT MEMORY LEAKS

This Is How 0:05:53

This Is How Rust Stops Memory Leaks

3. Java Failsafe 0:01:30

3. Java Failsafe Collections Explained: Never Fail with Your Code! #failsafe #javainterviewquestions

Do developers need 0:01:00

Do developers need to use memory-safe programming languages now? 🔐

Why the sudden 0:04:38

Why the sudden attention on 'memory safe' languages like Rust?

Good practice for 0:08:17

Good practice for freeing memory in C

You can still 0:00:34

You can still have memory errors in Rust

CISA is NOT 0:00:25

CISA is NOT Using Memory Safe Code #cisa #infosecnews #podcastclips #code #opensource #projects

Finally solve memory 0:08:03

Finally solve memory leaks in C++!

Automated Code Repair 0:29:24

Automated Code Repair for Memory Safety

What is memory 0:03:22

What is memory leak?

Memory Safety: Rust 1:00:54

Memory Safety: Rust vs. C - Robert Seacord - NDC TechTown 2024

i wrote my 0:05:23

i wrote my own memory allocator in C to prove a point

2020 LLVM Developers’ 0:35:05

2020 LLVM Developers’ Meeting: “Checked C: Adding Memory Safety to LLVM”

The Rust Memory 0:26:09

The Rust Memory Safety Model explained

-memory-safe C++ - 1:05:45

-memory-safe C++ - Jim Radigan - CppCon 2022

Android Memory Safety 0:07:57

Android Memory Safety Tools

DConf Online 2020 0:24:43

DConf Online 2020 Keynote #1 - Destroy All Memory Corruption - Walter Bright

Комментарии
Автор

Hmm, as an 'old school' programmer, we used to (sometimes do) use such memory unsafety as a feature, not as a bug (e.g. following arbitrary pointers that the engineer knows about to get a desired value, then calculating the offset between the desired location and an array under your control, then addressing that location using an array index that's out of bounds of the original declared intent). We did this for efficiency and speed at a time when memory and CPU resources were massively more constrained than they are.

I'm kind of glad that such acts are dying out, but there's a twinge of nostalgia and a worry that future SW engineers will come across such code and not be able to understand its function and thus, struggle to maintain it.

labrat
Автор

I really like that you emphasized the last part "Memory Safe != Memory Secure" since I hear many times that unsafe code is insecure code. But the same could be true with safe code if not implemented properly as well. Although, I believe that memory safe languages can help lessen the time to fix memory related bugs or security issues.

socvirnylestela
Автор

"The author of this code managed to pack 7 bugs into it"



That would sound like me, but I don't program in C/C++.

costelinha
Автор

Nice video! I believe there's another point to be considered; safety versus freedom. Specially in C, you are absolutely free as programmer, you can freely read and write to memory, reinterpret it, execute memory as code, do whatever. That's a powerful feeling and gives you a sense of control over the hardware. I do think safety is extremely important and the main problem in C, but I think that's why both Rust and C have their places.

LogicEu
Автор

3:45 That's quite the hot take, and I'd have to agree. They don't call C "portable assembly" for nothing. Whether intended or not, it assumes the programmer understands at least one assembly language and computer architecture in general, without giving you the ability to micromanage it. Hell, even I understand assembly and still find C difficult to use. If I have to interact directly with hardware ports I find assembly much easier to write. None of that *(volatile unsigned int*) mumbo jumbo.

williamdrum
Автор

It's really important to consider these things. Your vids are much appreciated

heitortremor
Автор

I'd be really cool to see how you would take control of the system using this code if you could also set the point values. Exploiting something like this is something that I hear a lot about, but nobody really ever shows an example of it in action to drive the point home and show how this stuff actually works.

spiderjockey
Автор

I think its good to have and use Rust for programs that need memory safety to prevent exploits that could create critical damage, but I still prefer to have absolute controll over execution flow and memory management in programs that don't need to be memory safe. Having bugs and playing around with them is fun and actually a good way to learn how to prevent them and also gives me the ability to hack my calculator.

thediaclub
Автор

At work I've used mostly Rust but also C, I think my C code is better as a result of being scolded by the rust compiler over and over again.

FudFst
Автор

Any chance on you creating a course or series on how to write C programs securely ?

ReptilianXHologram
Автор

I like unsafe memory because i like jailbreak exploits and i love the c programming language (not only for that).

blastygamez
Автор

the problem is between the chair and the screen monitor

yoelbinyominsuarez
Автор

Well, everybody who knows C is aware that C is unsafe, but it's also very efficient and easy to learn. And there are tools like Valgrind which helps you to prevent memory leaks, segfaults, etc.
C/C++ is so entrenched in the IT world, that I highly doubt it will be replaced in the near future by something like Rust.

matyasmarkkovacs
Автор

this only makes sense to me now because I started learning Rust (started out with Python 😪), thanks for this demo with C!

annasmith
Автор

Hey, I just want to say I love these videos as I'm learning reverse engineering. I've seen a few similar bug walkthroughs on your channel but it helps to have it revised a few times.

MikoPlayer
Автор

There are many footguns in programming, but memory safety is easily the foot-BFG9000.
I'll go out on a limb and say most exploit chains are going to take advantage of memory unsoundness in some form, unless you're lucky (or really determined) to find a chain of logic errors to get you where you want to go.

valshaped
Автор

things I did and still do in C:
detours: replacing opcodes behind function pointers with relative jumps to hook functions.
this allows me to interject flow for a moment to fix upstream bugs in a video game server.
direct access: writing and reading from bus bound hardware interfaces.
other stuff too.

GottZ
Автор

I actually never had to debug a rust program i wrote using gdb or something similar! At most some println! macros where all i needed to find semantic issues in my program.

wChris_
Автор

The reason why industry still and always will use C for years on :
1. C99.
2. Static Code analysis.
3. Memory leak/valgrind/helgrind and super variety tools for sanitizing.
If you work in commercial projects you do all at once, static, dynamic analysis, unit tests and component testing. C is super simple in that regard.

stryderx
Автор

At least C doesn't have esoteric syntax that looks like somebody tried to write Python but had a stroke.

theabyss