Avoiding binary vulnerabilities - Oxidize the metal C runs on!

class: center, middle

# Avoiding binary vulnerabilities

## Oxidize the metal C runs on!

---

# Agenda

- Binary vulnerabilities
- How do they arise?
- The underlying problems
- Can modern tools help?

???

- Binary vulnerabilities - what they are and how we can classify them
- Why code is vulnerable, and how to fix it - show some snippets of C code (some simple and some obscure)
- The underlying problem is partly due to the tool - C: a gun which shoots both forward and backwards at the same time
- C was invented in 1972, surely we have better tools for the job - Rust is that better tool!
- How does Rust resolve the issues? (show the same vulnerable examples as before, but in rust)

---

# Binary vulnerabilities

- Stack buffer overflow
- Heap buffer overflow
- Use after free
- Dangling pointers
- Integer overflow

???

- Stack and heap buffer overflow is really the same problem, but will be exploited in different ways, and the difficulty of exploiting them is different

- Use after free and accessing accessing an othervise dangling pointer is considered dangerous

- Integer overflow result in undefined behavior and the program might do anything or everything

---

# How do they arise?

- Overflows
- Use after free
- Integer overflow

???

- Stack buffer overflows is due to reading/copying more bytes into a buffer allocated on the stack.
- Use functions with a predefined maximum number of bytes to write, and limit the number of bytes to read/write by the size of the smaller buffer, or if user input, by the size of the input buffer.
- NEVER use functions such as gets, strlen, strcpy, and the likes

- Heap buffer overflows arise in much the same manner as stack buffer overflows, with the difference being the buffers are allocated on the heap.
- The mitications are the same as for stack allocated buffers
- When overwriting the buffer on the heap, you can't directly control the flow of execution, but rather the metadata of blocks allocated by malloc.

- Use after free arise when memory is deallocated but is still used after it is freed.
- This leads to nondeterministic results and errors

- Integer overflows arise when a too large value is added to an integer, meaning the resulting value do not fit into the signed integer type. This yields undefined behavior.
- Mitigate it by only using signed integers when you really need them and use integer types that are large enough.

---

# The underlying problems

- Not perform bounds checking
- Access arbitrary memory addresses
- The C standards are vague

---

# Can modern tools help?

- Managed languages
- Performance
- Thread safety

???

- Managed languages provide the memory safety we require

- Generally, we do not consider managed languages a suitable tool for the job.

- Enter rust: a language with guaranteed memory and thread safety, but without it being managed.

- Rust can solve most problems

---
class: center, middle

# What we want

A systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety.

---
class: center, middle

Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety.