BinaryByter
looks like webapps are my only real option
olli
C is great for what it wants to be. That's the reason C is still widely used in embedded systems
Ludovic 'Archivist'
olli
C++ is an extension of C. no reason to prefer C
Do you know an ASIL-D rated C++ compiler for PowerPC?
olli
I know C compilers
olli
ASIL-D?
https://en.wikipedia.org/wiki/Automotive_Safety_Integrity_Level#ASIL_D
BinaryByter
I'm pretty sure that g++ can compile to PowerPC with such a security level
olli
no it cannot
olli
you need an audit for that
olli
and GCC is definitely not ASIL-D rated
Ludovic 'Archivist'
A C compiler in itself offers no security
Ariana
Idts
olli
A C compiler in itself offers no security
That's the reason it needs to be certified to be used in safety critical embedded development
Ludovic 'Archivist'
That's the reason it needs to be certified to be used in safety critical embedded development
The C++ language offers requirements for security by itself compared to C
BinaryByter
ASIL is nothing but a standard though
olli
ASIL is nothing but a standard though
Yes, but a reason to use C
BinaryByter
btw: a language != a compiler
Ludovic 'Archivist'
Still not ASIL rated
ASIL is just a spec, and a C compiler never offers security
Ludovic 'Archivist'
This is why rocket guidance systems are not made in C
olli
Software that runs in your car needs to be compiled using a certified compiler
olli
If there is no C++ compiler, how are you going to use the language?
BinaryByter
what do I know
BinaryByter
still, a language gives NO specification about the ASIL-Rating of the assembler output of your compiler
olli
Yes, but the absence of C++ compilers makes it hard to use the language
Ludovic 'Archivist'
Btw, Intel has ASIL D rated C++ compilers for x86, x64, and all ARM architectures
Ariana
wait crap gcc doesn't realize format string exploit
Ariana
huh
Ariana
that's weird
Ariana
A C compiler in itself offers no security
or not as much as needed typically
klimi
hmmm shortage
Ariana
CANARY : disabled FORTIFY : disabled NX : ENABLED PIE : ENABLED RELRO : Partial canary not there what gcc
Ludovic 'Archivist'
wait crap gcc doesn't realize format string exploit
It does and has a way to disable string formatting
Ariana
like format string exploit occur when scanf("%s",str); printf(str);
Ludovic 'Archivist'
Ariana
yeah but you know, people exist who just compile gcc main.c -o main just like sql injections are still a thing
Ariana
didn't realize gcc does not go that automatically actually
Ariana
and they are still able to get hired zzz
klimi
yo
Ludovic 'Archivist'
Ludovic 'Archivist'
And if they manage to work with me, they get a very long lecture about how to use GCC correctly
Ariana
And if they manage to work with me, they get a very long lecture about how to use GCC correctly
should probably just fire tbh, someday you'll see them using php and not escaping user input and querying sql directly
Ludovic 'Archivist'
should probably just fire tbh, someday you'll see them using php and not escaping user input and querying sql directly
Sometimes, educating people bears fruit; if they don't manage to learn from it in the test period tho, that's what would happen
Ariana
Yeah that's true
Ariana
people learn to write code that allows for attacks quite often, ahem w3school
Ariana
what's the issue with that?
well, isn't really a problem, just that you're able to randomly get root access occasionally
BinaryByter
Ariana
isn't really function injection but you need compile flags to prevent many attacks
BinaryByter
isn't really function injection but you need compile flags to prevent many attacks
Do you have enough patience to accept a braindead padawan?
BinaryByter
= me
Ludovic 'Archivist'
generally tho, not using those formatting functions is best
Ludovic 'Archivist'
I recommend never to use them in general
BinaryByter
I'll probably send links haha
yea send links to get me started :D
Ariana
printf is dangerous
Ludovic 'Archivist'
scanf and printf?
and all the family
BinaryByter
printf is dangerous
as to be expected by C
Ariana
yea send links to get me started :D
for exploiting things https://www.youtube.com/playlist?list=PLhixgUqwRTjxglIswKp9mpkfPNfHkzyeN
klimi
this is nice
klimi
maxi
Ariana
and all the family
ok even free was dangerous if you used older versions of c
klimi
you want to do CTFs?
BinaryByter
ok even free was dangerous if you used older versions of c
new and free still are dangerous and considered a horrible practice
Ludovic 'Archivist'
ok even free was dangerous if you used older versions of c
And it is why C++ is generally a far better choice
Ariana
double free exploits gg
Ariana
you want to do CTFs?
you find out that everything you have done is unsafe after one month