Monday, June 27, 2005

Underhanded Code

Picture credit:
Underhanded C ContestThe invaluable Bruce Schneier points us to an Underhanded C contest. The challenge: to create source code that looks innocent, yet provides a malicious capability. Some of the samples I've seen employ obfuscated buffer overflow attacks to launch their malevolent behaviors.

Two thoughts ran through my head after reading this:

1) What, if any, are the implications for the open-source community? Some closed-source advocates might point to this example as evidence of open-source insecurity ("...see, even with full transparency, it's possible to infect a distro..."). I personally don't buy that argument. After all, we're forced to trust that closed-source vendors thoroughly vet code and developers.

Furthermore, last year's well-publicized anti-open-source polemic (EE Times: "Linux: unfit for national security") hasn't exactly swung opinion, at least from what I can tell.

2) A previous missive on self-replicating code referenced Ken Thompson's classic ACM article: "Reflections on Trusting Trust." In it, he describes why compilers -- written in the language they compile -- can't be trusted. Why? Simply because someone could surreptitiously modify the compiler source to infect every piece of code it builds with a malicious payload. Imagine an underhanded modification to gcc  , for instance.

The Underhanded C contest is a good idea. It forces us to carefully consider code contributions in this, the golden age of Marvel Comics open-source software development.