class: center, middle

# Avoiding binary vulnerabilities

## Oxidize the metal C runs on!

---

# Agenda

- Binary vulnerabilities
- How do they arise?
- The underlying problems
- Can modern tools help?

???

- Binary vulnerabilities: what they are and how we can classify them
- Why code is vulnerable, and how to fix it
  - Show some snippets of C code (some simple and some obscure)
- The underlying problem is partly due to the tool
  - C: a gun which shoots both forwards and backwards at the same time
  - C was invented in 1972; surely we have better tools for the job
- Rust is that better tool!
  - How does Rust resolve the issues? (Show the same vulnerable examples as before, but in Rust.)

---

# Binary vulnerabilities

- Stack buffer overflow
- Heap buffer overflow
- Use after free
- Dangling pointers
- Integer overflow

???

- Stack and heap buffer overflows are really the same problem, but they are exploited in different ways, and the difficulty of exploiting them differs
- Use after free and accessing an otherwise dangling pointer are considered dangerous
- Integer overflow results in undefined behavior, and the program might do anything or everything

---

# How do they arise?

- Overflows
- Use after free
- Integer overflow

???

- Stack buffer overflows are due to reading or copying more bytes into a buffer allocated on the stack than it can hold.
  - Use functions with a predefined maximum number of bytes to write, and limit the number of bytes to read/write by the size of the smaller buffer, or, for user input, by the size of the input buffer.
  - NEVER use functions such as gets, strlen, strcpy, and the like
- Heap buffer overflows arise in much the same manner as stack buffer overflows, the difference being that the buffers are allocated on the heap.
  - The mitigations are the same as for stack-allocated buffers
  - When overflowing a buffer on the heap, you don't directly control the flow of execution, but rather the metadata of the blocks allocated by malloc.
- Use after free arises when memory is deallocated but is still used after it is freed.
  - This leads to nondeterministic results and errors
- Integer overflows arise when too large a value is added to an integer, so that the result does not fit into the signed integer type. This yields undefined behavior.
  - Mitigate it by only using signed integers when you really need them, and use integer types that are large enough.

---

# The underlying problems

- Not performing bounds checking
- Accessing arbitrary memory addresses
- The C standards are vague

---

# Can modern tools help?

- Managed languages
- Performance
- Thread safety

???

- Managed languages provide the memory safety we require
- Generally, we do not consider managed languages a suitable tool for the job.
- Enter Rust: a language with guaranteed memory and thread safety, but without being managed.
- Rust can solve most problems

---

class: center, middle

# What we want

A systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety.

---

class: center, middle

Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety.
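
---

# Appendix: the C mitigations written out

An added example, not part of the original deck: the two mitigations from the presenter notes (bound a copy by the size of the smaller buffer instead of using strcpy/gets, and test a signed addition before it can overflow) as plain C. The function names `bounded_copy`, `would_truncate` and `checked_add_i32` are this example's own, and the oversized input in `main` is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Copy at most dst_size - 1 bytes of src into dst and NUL-terminate it.
 * The copy is bounded by the smaller buffer, so an oversized src is
 * truncated instead of running past the end of dst (unlike strcpy/gets).
 * Returns the number of payload bytes copied, or -1 if dst is unusable. */
ptrdiff_t bounded_copy(char *dst, size_t dst_size, const char *src, size_t src_len)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    size_t n = src_len < dst_size - 1 ? src_len : dst_size - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return (ptrdiff_t)n;
}

/* 1 if src_len bytes plus the terminator do not fit in dst_size bytes. */
int would_truncate(size_t dst_size, size_t src_len)
{
    return dst_size == 0 || src_len > dst_size - 1;
}

/* Signed addition with the overflow test done before the add, because
 * a + b itself is already undefined behavior when it overflows.
 * Returns 1 and stores the sum in *out, or 0 if it would overflow. */
int checked_add_i32(int32_t a, int32_t b, int32_t *out)
{
    if ((b > 0 && a > INT32_MAX - b) || (b < 0 && a < INT32_MIN - b))
        return 0;
    *out = a + b;
    return 1;
}

int main(void)
{
    char dst[8];                             /* small destination buffer */
    const char input[] = "AAAAAAAAAAAAAAAA"; /* constructed 16-byte input */
    size_t len = sizeof input - 1;           /* payload length without the NUL */
    int32_t sum;
    if (would_truncate(sizeof dst, len))
        printf("%zu-byte input truncated to fit a %zu-byte buffer\n", len, sizeof dst);
    bounded_copy(dst, sizeof dst, input, len);
    printf("dst = \"%s\"\n", dst);
    if (!checked_add_i32(INT32_MAX, 1, &sum))
        printf("INT32_MAX + 1 rejected instead of overflowing\n");
    return 0;
}
```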