The Internet may have serious problems due to languages like C and C++ that contribute to the appearance of vulnerabilities.

Hi, Habr! I present to you the translation of the article "Internet aurait de sérieux problèmes à cause de langages comme C et C++ favorisant la survenue de failles" (in French).

But few developers care about it.


One bug affects the iPhone, another affects Windows, and a third affects servers running Linux. At first glance, these bugs have nothing in common, as they concern different platforms: Android, iOS, macOS, Windows, Linux. In fact, that is not the case, according to Alex Gaynor, software security engineer at Mozilla, who previously worked at USDS (United States Digital Service).

[1] More details: https://www.usds.gov (translator's note, here and below).

During the third Weakest Link, an annual event organized by Motherboard Vice [2] on computer hacking and cybersecurity in the future, Alex Gaynor raised a serious problem that, in his opinion, could threaten the Internet, but, paradoxically, leaves developers completely indifferent.

[2] More details: https://motherboard.vice.com/en_us

Gaynor explained that the three previously mentioned bugs exist because the software they affect on different platforms was written using programming languages that have an unpleasant tendency to contribute to “memory unsafety” errors, allowing access to unallocated areas of memory.

[3] Most likely, what was meant is that accessing the 6th element of an array consisting of 5 elements is permitted, whereas in other, "safer" programming languages at least an error message would be produced.

This category of errors can lead to bugs and security vulnerabilities while accessing memory.

By allowing memory unsafety errors to occur, programming languages such as C and C++ can contribute to the proliferation of an almost infinite stream of critical security vulnerabilities over the years. Examples of these vulnerabilities include:

  • type mismatch
  • buffer overflow
  • integer overflow
  • use after free

A type mismatch can occur when a code segment does not check the type of the object passed to it and uses it blindly. This situation can be dangerous. With a type mismatch, incorrect function pointers or incorrect data become associated with the wrong part of the code, which in some cases can lead to code execution.

A buffer overflow is a critical security vulnerability that occurs when a user enters a string that is placed into a character array too small to hold it. This results in data being written outside the memory area allocated for the array. Heartbleed, for example, which had an impact on 17% of secure servers on the Internet, was a buffer overflow vulnerability that could read 60KB after the end of the list, including passwords and other user data.
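The missing length check behind a Heartbleed-style read past the end of a buffer, shown beside the corrected version. This is an added example, not code from the article or from OpenSSL; the function names, the sample request and the memory layout are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: one array standing in for process memory. The 4-byte
   request payload is followed by unrelated data, so the over-read below
   stays inside this array and the program remains well defined. */
static const uint8_t memory[] = "PINGsession-secret";
enum { PAYLOAD_LEN = 4 };   /* bytes the peer really sent */

/* Before: echoes as many bytes as the request claims to contain. */
size_t echo_unchecked(const uint8_t *payload, size_t claimed_len,
                      uint8_t *out, size_t out_cap)
{
    if (claimed_len > out_cap)
        return 0;
    memcpy(out, payload, claimed_len);   /* can run past the payload */
    return claimed_len;
}

/* After: the claimed length may not exceed what was actually received. */
size_t echo_checked(const uint8_t *payload, size_t actual_len,
                    size_t claimed_len, uint8_t *out, size_t out_cap)
{
    if (claimed_len > actual_len || claimed_len > out_cap)
        return 0;                        /* malformed request: no reply */
    memcpy(out, payload, claimed_len);
    return claimed_len;
}

int main(void)
{
    uint8_t out[32];
    size_t claimed = 18;                 /* request says 18, sent only 4 */
    size_t n = echo_unchecked(memory, claimed, out, sizeof out);
    printf("unchecked reply: %.*s\n", (int)n, (const char *)out);
    n = echo_checked(memory, PAYLOAD_LEN, claimed, out, sizeof out);
    printf("checked reply length: %zu\n", n);
    return 0;
}
```

In a memory-safe language the unchecked copy would stop with a bounds error instead of returning the neighbouring bytes.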

Integer overflow is a hard-to-detect vulnerability that exploits the fact that numbers cannot exceed a certain value, which depends on the number of bits used to represent them and on the encoding method.

A use after free vulnerability usually occurs when a pointer or in-memory data is used after the pointer (or block of memory) has already been freed.

Together, these vulnerabilities account for the exploits most commonly found in popular software, such as Firefox, Chrome, Windows, Android, or iOS. Gaynor has already counted at least 400 and claims: “I have followed the security of these projects for over a year, and in almost all versions of these products more than half of the vulnerabilities are memory unsafety. And even more alarmingly, severe and critical vulnerabilities [...] almost always have this type.”

Despite the significant risks they pose to the security of software written in them, “memory unsafety friendly” programming languages, such as C or C++, are still used by developers, while proven alternatives, such as Rust and Swift, which can be considered "memory safe" languages, are rarely used.

This may be because, for a new project, developers usually choose a programming language based on the languages their team knows, on performance, and on the library ecosystem that comes with the choice. The security implications of that choice are almost never considered, or at least not considered enough, Gaynor believes.

In addition, most software projects, even those most important for Internet security, are not new. They were launched ten years ago, if not more. Linux, OpenSSL and the Apache web server, for example, have existed for more than twenty years. For large-scale projects like these, rewriting all the code in a new language is not an option. They must be converted gradually, which means that the projects must be written and maintained in two different languages instead of one. It also implies the need to form a large team, which takes a lot of time and requires more funds.

The biggest problem, finally, is that many developers do not believe the problem exists at all. They believe that the problem is not that languages such as C or C++ contribute to the emergence of vulnerabilities, but that other programmers write code with errors. They believe that there is nothing wrong with these supposedly “memory unsafety friendly” languages: no code is perfect, and people simply do not know how to use them.

And what do you think about this?



I note that sensible criticism of the translation is also welcome.

Thanks for your attention!
