Subject : Re: A Famous Security Bug
From : bc (at) *nospam* freeuk.com (bart)
Newsgroups : comp.lang.c
Date : 23. Mar 2024, 12:26:03
Organization : A noiseless patient Spider
Message-ID : <utme8b$3jtip$1@dont-email.me>
References : 1 2 3 4 5 6
User-Agent : Mozilla Thunderbird
On 23/03/2024 07:26, James Kuyper wrote:
> bart <bc@freeuk.com> writes:
>> On 22/03/2024 17:14, James Kuyper wrote:
>> [...]
>>> If you want to tell a system not only what a program must do, but
>>> also how it must do it, you need to use a lower-level language than
>>> C.
>>
>> Which one?
>
> That's up to you. The point is, C is NOT that language.
I'm asking which /mainstream/ HLL is lower level than C. So specifically ruling out assembly.
If there is no such choice, then this is the problem: it has to be C or nothing.
>> I don't think anyone seriously wants to switch to assembly for the
>> sort of tasks they want to use C for.
>
> Why not? Assembly provides the kind of control you're looking for; C
> does not. If that kind of control is important to you, you have to find
> a language which provides it. If not assembler or C, what would you use?
Among non-mainstream ones, my own would fit the bill. Since I write the implementations, I can ensure the compiler doesn't have a mind of its own.
However if somebody else tried to implement it, then I can't guarantee the same behaviour. This would need to somehow be enforced with a precise language spec, or mine would need to be a reference implementation with a lot of test cases.
-----------------
Take this program:
    #include <stdio.h>

    int main(void) {
        goto L;
        0x12345678;
    L:
        printf("Hello, World!\n");
    }
If I use my compiler, then that 12345678 pattern gets compiled into the binary (because it is loaded into a register then discarded). That means I can use that value as a marker or sentinel which can be searched for.
However no other compiler I tried will do that. If I instead change that line to:
    int a = 0x12345678;
then a tcc-compiled binary will contain that value. So will lccwin32-compiled (with a warning). But not DMC or gcc.
If I get rid of the 'goto', then gcc-O0 will work, but still not DMC or gcc-O3.
Here I can use `volatile` to ensure that value stays in, but not if I put the 'goto' back in!
It's all too unpredictable.
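An added example, not part of the original post: one way to get a searchable marker without relying on how a compiler treats a discarded expression or an unreachable statement is to make the marker initialized data that executed code reads through a volatile lvalue, and then scan for its bytes. The names build_marker, read_marker and find_marker are hypothetical, the `used` attribute is a GCC/Clang extension, the byte buffer is a constructed stand-in for an executable image, and none of this is promised by the C standard, which says nothing about the contents of a binary.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Marker value from the post; every identifier below is hypothetical. */
#define MARKER 0x12345678u

/* The marker as initialized data at file scope, not an immediate operand of
 * an instruction the compiler may prove dead or unreachable. `used` is a
 * GCC/Clang extension that keeps the object even when unreferenced; other
 * compilers see a plain static const volatile object (assumption: they keep
 * it because read_marker() below loads from it). */
#if defined(__GNUC__)
__attribute__((used))
#endif
static const volatile uint32_t build_marker = MARKER;

/* A volatile read in code that actually executes: the load may not be
 * replaced by a folded constant, so the object needs storage. */
uint32_t read_marker(void) { return build_marker; }

/* Offset of the first occurrence of `value` (host byte order) in buf,
 * at any alignment, or -1 if absent or if buf is shorter than the marker. */
long find_marker(const unsigned char *buf, size_t len, uint32_t value)
{
    unsigned char pat[sizeof value];
    memcpy(pat, &value, sizeof pat);
    if (len < sizeof pat)
        return -1;
    for (size_t i = 0; i + sizeof pat <= len; i++)
        if (memcmp(buf + i, pat, sizeof pat) == 0)
            return (long)i;
    return -1;
}

int main(void)
{
    /* Constructed sample standing in for bytes read from an executable. */
    unsigned char image[16] = {0x90, 0x90, 0xC3};
    uint32_t m = read_marker();
    memcpy(image + 7, &m, sizeof m);        /* deliberately unaligned */
    printf("marker at offset %ld\n", find_marker(image, sizeof image, MARKER));
    return 0;
}
```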