[Cryptography] bounded pointers in C
Peter Fairbrother
zenadsl6186 at zen.co.uk
Fri Apr 18 08:53:02 EDT 2014
On 18/04/14 12:35, Ben Laurie wrote:
> On 18 April 2014 01:46, John Gilmore <gnu at toad.com> wrote:
>>[...]
>> A "bounded pointers" implementation of gcc was built in the late
>> 1990s-2000 by Greg McGary (see
>> http://gcc.gnu.org/ml/gcc/2000-04/msg00137.html). It worked well
>> enough to compile and run GNU libc and the GNU textutils and
>> fileutils. This was some sort of official GCC project, even. But
>> apparently it was never adopted into mainline gcc -- I don't know why
>> not. See https://sourceware.org/ml/libc-alpha/2012-01/msg00131.html ,
>> http://gcc.gnu.org/ml/gcc/2001-02/msg00583.html ,
>> http://gcc.gnu.org/ml/gcc/2001-02/msg00278.html
>> He seems to be greg at mcgary.org and was contributing to GCC mailing
>> lists as late as 2009. Apparently the code lived on a branch
>> of the GCC source tree ("bounded-pointers-branch") so that branch
>> may still be accessible somewhere. Indeed, doing this command:
>>
>> svn co svn://gcc.gnu.org/svn/gcc/branches/bounded-pointers-branch
>>
>> seems to have brought me some code, which might be Gary's latest code,
>> or might not be. The last changes in it seem to be from about 2000,
>> according to the ChangeLog. But I can't get it to build -- the
>> configuration files seem messed up.
>
> Hmm. Any info on how this works (or worked)? All bounded pointers
> implementations I've seen have required some kind of code annotation
> to make them work properly (e.g. explicit fat pointers). Can it really
> be done without source modification?
I can't see the point in trying to get away from the necessity of source
modification - the idea after all is to have all strings and arrays and
so on bounds checked, but if a programmer uses malloc and memcpy (the
smoking gnu in the Heartbleed bug) instead of a declaration of a string
and a bounded strcpy, then all bets are off anyway.
Now if C had proper bounded pointers for strings and arrays, then using
malloc and memcpy would throw out a big flag - why on Earth are you
using this dangerous stuff instead of the nice safe string/array
commands? - but as C doesn't have nice safe string/array commands ...
-- Peter Fairbrother
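As an added illustration (not code from this thread, from McGary's branch, or from gcc) of what the "explicit fat pointer" annotation Ben mentions looks like, and of the bounded copy Peter wishes C had: the `bptr` type, `bp_memcpy` and `bp_get` below are hypothetical names. A bounded pointer carries its object's length alongside the address, so a copy whose length came from untrusted input (the Heartbleed pattern: a 16-byte record and a request for 64) is refused rather than reading past the object. The sample record is constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical "fat pointer": base address plus the number of bytes that
 * are legitimately addressable from it. This is the source-level annotation
 * that a bounded-pointer compiler would otherwise have to synthesise. */
typedef struct {
    unsigned char *base;
    size_t len;
} bptr;

/* Build a bounded view over a buffer of known size. */
static bptr bp_from(unsigned char *buf, size_t len) {
    bptr p = { buf, len };
    return p;
}

/* Bounded memcpy: refuses any request that would read past src or write
 * past dst. Returns bytes copied, or -1 when the bounds would be violated. */
static long bp_memcpy(bptr dst, bptr src, size_t n) {
    if (n > src.len || n > dst.len) {
        return -1;                    /* bounds violation: refuse, do not copy */
    }
    memcpy(dst.base, src.base, n);
    return (long)n;
}

/* Bounded indexed read: -1 instead of touching memory outside the object. */
static int bp_get(bptr p, size_t i) {
    if (i >= p.len) return -1;
    return p.base[i];
}

/* A 16-byte record (constructed sample) and a caller-supplied length of 64:
 * the length field was trusted, but the object cannot honour it. */
static long demo_overread_is_refused(void) {
    unsigned char record[16] = "payload-16bytes";
    unsigned char out[64] = {0};
    return bp_memcpy(bp_from(out, sizeof out), bp_from(record, sizeof record), 64);
}

/* The same copy with a length the object can honour succeeds. */
static long demo_inbounds_copy(void) {
    unsigned char record[16] = "payload-16bytes";
    unsigned char out[64] = {0};
    return bp_memcpy(bp_from(out, sizeof out), bp_from(record, sizeof record), 16);
}

/* Indexing one past the end is caught the same way. */
static int demo_bounded_read_oob(void) {
    unsigned char r[4] = {1, 2, 3, 4};
    return bp_get(bp_from(r, sizeof r), 4);
}

int main(void) {
    printf("64-byte request from 16-byte record: %ld\n", demo_overread_is_refused());
    printf("16-byte request from 16-byte record: %ld\n", demo_inbounds_copy());
    printf("r[4] of a 4-byte array:              %d\n", demo_bounded_read_oob());
    return 0;
}
```

The cost Ben alludes to is visible here: every buffer has to be wrapped in a `bptr` at the point where its size is still known, which is exactly the source modification a transparent implementation would have to avoid.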