[Cryptography] Buffer Overflows & Spectre

Arnold Reinhold agr at me.com
Thu Nov 29 16:23:36 EST 2018 

On Wed, 21 Nov 2018 16:45
From: Nemo wrote:

…
> You did not give even one example of what you mean, so I will pick a
> typical one: Integer overflow.
> 
> What should happen if the mathematical sum of two positive signed
> integers does not fit in an int? (BTW, how many bits should that be,
> exactly?) If you care about correctness -- and thus security -- there
> are only three possible answers:
> 
>  1) Don't do that.
>  2) An exception should be raised.
>  3) The width of the result should grow to hold the sum.
> 
> There are approximately zero cases where "produce a negative result" is
> what the programmer actually wants.
> 
> The C/C++ language spec goes with option (1). If you want (2) or (3),
> you can use a library to get them (see Microsoft's SafeInt and
> Boost.Multiprecision, respectively).
> 
> You will find the same is true for all forms of undefined behavior:
> Defining it in a sane way would not be performant, and defining it in a
> performant way would not be sane. Thus "don't do that or use a library".



We had a lengthy discussion on this list in April 2014 regaring assert statement removal, https://gcc.gnu.org/bugzilla/show_bug.cgi?id=30475 <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=30475> , which is one example where "produce a negative result” is what the programmer sanely wants. They are trying to enforce “don’t do that.” Yes there are other ways to do that, but how much performance would be lost if compilers never removed an assert? 


> The interaction invariably goes like this:
> Inexperienced C or C++ programmer is surprised by some optimization and
> petitions compiler authors that said optimization should be
> disallowed.

It’s not necessarily a question of disallowing some optimizations. It’s an engineering management/configuration control problem as much as a compiler issue. There seems to be compiler options for GCC that avoid the more egregious behaviors.  The problem is who selects those options and when, and how does a medium to large project control that? If a software module that has been designed and tested under one set of optimization options is later incorporated into a system that is recompiled with different options, how does QA or security management know? One solution might be a way for an object module to limit what optimizations are used or a library method that returns at run time the compiler options used to compile it. If the limits on optimizations could be incorporated in the module’s source code, then at least any changes in optimization level would receive the same attention and review as a change in the program logic itself. 

Do such facilities exist in any of the major tool chains?

> Or use a language that takes a performance hit everywhere to give
> defined behavior everywhere. There are plenty of them


The suggestion to use a different language ignores the enormous amount of C an C++ code already in use. It’s economically infeasible to rewrite it all. If the compiler writer and computer security communities could have a reasonable dialog on this, continued use of C and C++ code, including code written and maintained by less than top-notch programmers, could be made significantly safer. 


Arnold Reinhold


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20181129/c488fb1b/attachment.html>

More information about the cryptography mailing list