Presented at ekoparty 14 (2018)
Sept. 28, 2018, 4:50 p.m.
There are some techniques to avoid vulnerabilities, such as zeroing buffers placed on the stack before leaving functions; however, modern optimization techniques such as Dead Store Elimination may lead the compiler to think that the call is not necessary, thus removing it. In this talk I will present well-known security-related software examples where compiler optimizations led to software vulnerabilities; I will also show a live toy example of exploiting a vulnerability caused by a compiler optimization; then I will show common workarounds such as OS-provided functions and other techniques; finally, I will introduce some compiler internals and invite people to contribute to mainstream compilers to avoid these situations with some ideas, such as enhanced diagnostics and code generation.
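The pattern the abstract describes, as an added example (constructed for this page, not code from the talk): a local buffer holding secret material is wiped with a plain `memset` that Dead Store Elimination may delete, next to a wipe that survives optimization. The `volatile` function-pointer trick and the `derive_*` helpers are illustrative; `explicit_bzero`, `memset_s` and `SecureZeroMemory` are the real platform-provided alternatives named in the comments.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Before: tmp is never read after the memset, so at -O2 the optimizer
   treats the store as dead and may remove it, leaving the copied secret
   on the stack for a later frame to observe. */
uint32_t derive_naive(const uint8_t *secret, size_t n)
{
    uint8_t tmp[64];
    uint32_t acc = 0;
    if (n > sizeof tmp) n = sizeof tmp;
    memcpy(tmp, secret, n);
    for (size_t i = 0; i < n; i++) acc = acc * 31 + tmp[i];
    memset(tmp, 0, sizeof tmp);      /* candidate for Dead Store Elimination */
    return acc;
}

/* Hardened wipe: calling through a volatile function pointer forces the
   compiler to assume the call has side effects, so it cannot drop it.
   Prefer the platform guarantee when available: explicit_bzero()
   (glibc, BSDs), memset_s() (C11 Annex K) or SecureZeroMemory() (Windows). */
static void *(*volatile memset_fn)(void *, int, size_t) = memset;

void secure_zero(void *p, size_t n)
{
    memset_fn(p, 0, n);
#if defined(__GNUC__)
    /* Compiler barrier: no memory access is reordered across the wipe. */
    __asm__ __volatile__("" : : "r"(p) : "memory");
#endif
}

/* After: same computation, wipe survives optimization. */
uint32_t derive_hardened(const uint8_t *secret, size_t n)
{
    uint8_t tmp[64];
    uint32_t acc = 0;
    if (n > sizeof tmp) n = sizeof tmp;
    memcpy(tmp, secret, n);
    for (size_t i = 0; i < n; i++) acc = acc * 31 + tmp[i];
    secure_zero(tmp, sizeof tmp);
    return acc;
}

/* Self-check: fill a buffer, wipe it, confirm no byte survives. Returns 1 on success. */
int wipe_clears_all(void)
{
    uint8_t buf[32];
    memset(buf, 0xA5, sizeof buf);
    secure_zero(buf, sizeof buf);
    for (size_t i = 0; i < sizeof buf; i++)
        if (buf[i] != 0) return 0;
    return 1;
}
```

Compare the two `derive_*` functions with `objdump -d` after building at `-O2`: the `memset` in the naive version is typically gone, while the `secure_zero` call remains.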
My life has been cursed with a painful succession of exotic compiler development, some of which I was not allowed to know what it was used for. Since compilers require combining both high-level algorithms with low-level knowledge of the target architecture, I had to mess with the full range. I contributed to the GNU toolchain (implementing hardware errata, adding finite state machines to the assembler, relentlessly fixing the debugger) and to the C++ language committee. Since the mid-90s, I've been doing some embedded development and OS development, with a strong security focus in mind. Now I am a co-founder of a firmware security company where we have to apply many of these experiences. I enjoy encouraging and guiding other people to grow and get involved with the free software community, especially in terms of both security and compiler development.