Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
Programming Security

5th Underhanded C Contest Now Open 162

Posted by CmdrTaco
from the i-c-what-you've-done-there dept.
Xcott Craver writes "The next Underhanded C Contest has begun, with a deadline of March 1st. The object of the contest is to write short, readable, clear and innocent C code that somehow commits an evil act. This year's challenge: write a luggage routing program that mysteriously misroutes a customer's bag if a check-in clerk places just the right kind of text in a comment field. The prize is a gift certificate to ThinkGeek.com."
This discussion has been archived. No new comments can be posted.

5th Underhanded C Contest Now Open

Comments Filter:
  • Re:Easy? (Score:5, Informative)

    by Anonymous Coward on Wednesday December 30, 2009 @12:47PM (#30596638)
    *Way* more deceptive. The default value for the destination field? It's supposed to look innocent - an innocent program would note that you left out a destination and prompt you to enter one. Any basic debugging done by someone else would turn this up. What they want is for you to leave a "comment" like "this package is top-heavy" (in a field designed for such comments) that changes the destination, but in a way such that someone reading the source code wouldn't realize anything was happening at all much what that you were changing the destination. Also such that whoever entered the text wouldn't obviously be at fault.
  • I'm really impressed (Score:4, Informative)

    by troll8901 (1397145) * <troll8901@gmail.com> on Wednesday December 30, 2009 @01:15PM (#30597058) Journal

    I've read the entire blog, and I must say, I'm impressed. Very impressed. Very, very impressed.

    The person who writes the criteria knows what he's/she's writing about.

    And the winners who submit the results are really, really good.

  • Totally opposite (Score:5, Informative)

    by SuperKendall (25149) on Wednesday December 30, 2009 @01:28PM (#30597264)

    The true "Underhanded" program would be one that was perfectly readable, so readable in fact that you totally overlook the sneaky thing it was doing because what you think it's doing seems so clear.

    The ObsfuC contest is all about code that even after staring you can't tell what the heck is going on.

  • Re:Easy? (Score:1, Informative)

    by Anonymous Coward on Wednesday December 30, 2009 @02:06PM (#30597832)
    You're still missing the point. Yes, it would be really easy to make a program that changes the destination based on a particular value in the comment field. It would also be really easy to see that someone did that. What is difficult (and worthy of a contest) is changing the destination based on a particular value in the comment field in such a way that a simple debugging wouldn't find it (assuming they don't know what the secret comment is in advance).

    Properly done there would be no boolean indicating the presence of the comment, and the value of "Destination" might never change. Instead at the end there would be some code that verified that all fields were properly formatted and send them to the printer, and some clever code at this point would subtly change what was outputted as the destination based on the contents of a particular comment field. Maybe some combination of the conditional operator and regular expressions would allow you to cleverly add 1 to all numbers in the destination if some condition is true, such that "1234 main street" becomes "2345 main street". (Something more clever then "comment == 'top-heavy'", based on regular expressions and/or hashes)

    But yea, doing it such that not only can nobody tell what's happening but such that they don't know *anything* is happening is difficult. That's why it's a contest.
  • Re:For extra points: (Score:3, Informative)

    by Rycross (836649) on Wednesday December 30, 2009 @02:29PM (#30598218)
  • Re:Easy? (Score:1, Informative)

    by Anonymous Coward on Wednesday December 30, 2009 @04:26PM (#30599768)

    Well if you think it's easy, why not try submitting something? There's a good chance the winners will have far better solutions than you were expecting.

    Remember there's a few parts to this. It's supposed to be simple, hidden in plain sight, and once discovered, it can't look intentional.

    Read the challenge. If your program mentions anything at all having to do with loading, or positioning of the luggage, it's thrown out. Those concepts have nothing to do with the code that is being written. Your code simply parses standard in, and spits out pieces of that standard in based on command line arguments. Anything that goes astray from that is suspect.

    I think I know what my submission will be :)

  • by John Meacham (1112) on Wednesday December 30, 2009 @04:48PM (#30599982) Homepage

    I am the winner of the previous underhanded C contest. If anyone is interested, I wrote up a description of my entry on my blog here: http://notanumber.net/archives/54/underhanded-c-the-leaky-redaction [notanumber.net]

    It was a fun contest to enter and now I can shop at thinkgeek for silly gadgets without feeling guitly :)

If this is a service economy, why is the service so bad?

Working...