5th Underhanded C Contest Now Open 162
Xcott Craver writes "The next Underhanded C Contest has begun, with a deadline of March 1st. The object of the contest is to write short, readable, clear and innocent C code that somehow commits an evil act. This year's challenge: write a luggage routing program that mysteriously misroutes a customer's bag if a check-in clerk places just the right kind of text in a comment field. The prize is a gift certificate to ThinkGeek.com."
Watch list? (Score:4, Funny)
This year's challenge: write a luggage routing program that mysteriously misroutes a customer's bag if a check-in clerk places just the right kind of text in a comment field.
All participants will also receive complimentary cavity-searches at airport checkpoints.
Re:Watch list? (Score:5, Funny)
This year's challenge: write a luggage routing program that mysteriously misroutes a customer's bag if a check-in clerk places just the right kind of text in a comment field.
I am certain that this is already a feature of existing luggage routing software.
Re: (Score:3, Funny)
Yes, especially if the word "fragile" or "valuable" is in the comment field.
Re:Watch list? (Score:5, Insightful)
Funny, but you've got a point. What would a potential employer think when, upon googling your name, they learn that you're so good at hiding malicious code that you won a contest for it. Would you hire that guy?
It's not worth the $100 gift certificate.
Re:Watch list? (Score:5, Insightful)
Would you hire that guy?
Definitely, but maybe for QA or as a Code Review consultant. Of course, I'm assuming that the winner of the contest would also be clever enough to detect hidden maliciousness in others' code.
Re: (Score:2)
Definitely, but maybe for QA or as a Code Review consultant. Of course, I'm assuming that the winner of the contest would also be clever enough to detect hidden maliciousness in others' code.
You employ people to work in your Mom's basement? You must get one heck of an allowance.
Re: (Score:1)
Re: (Score:2)
Re: (Score:2)
That's pretty paranoid of you. The point of the contest is to illustrate your knowledge of esoteric bugs as a lesson to all. You don't want to work for an employer who sees your programming awareness and experience as a negative.
Re: (Score:2)
I agree, but GP has a point even if he asked the wrong question.
Would I hire him? Sure - or at least, this wouldn't weigh against him. The guy I worry about has the same skills, but doesn't advertise them by participating in this contest because he intends to actually use them.
But whould a lot of IT managers see it as a negative and decide not to hire him? Yes, they would. Like it or not, a lot of perfectly good jobs (and remember, for a couple years out of any given decade, "perfectly good" is likely t
Re: (Score:3, Insightful)
>What would a potential employer think when, upon googling your name, they learn that you're so good at hiding malicious code that you won a contest for it.
Thats a pretty lousy line of reasoning and probably responsible for all the mediocrity out there in the computer world. Heck, what if your employer found out you were in the military and fought? Do you want to hire the guy who shot at Iraqis with a 50 caliber machine gun? Or the guy who wrote an ad blocking program? Or the guy who wrote a cover lett
Re: (Score:2)
who turn out to be good at not cheating on their wives
Since when?
Re: (Score:2)
By US standards going to war on a whim isnt rocking the boat. Implementing universal heatlhcare or socialized higher education is.
Re: (Score:1)
All participants will also receive complimentary cavity-searches at airport checkpoints.
Second prize: two of them.
Re: (Score:2)
Re: (Score:2)
more like a complimentary DMCA take down for reproducing the current system.
I mean, realy, isn't this what it does now?
Re: (Score:2)
All participants will also receive complimentary cavity-searches at airport checkpoints.
Actually, I fully expect the entries to receive this very sort of examination...
As opposed to? (Score:2)
As opposed to the current system that does it at random? If you come up with a system that ONLY does it when malicious text is written in the comment field, the government wants to talk with you. They paid $500 per LINE for a baggage-routing system that never worked. [gsu.edu] It was finally abandoned after half a billion was sunk into it.
Re:Watch list? (Score:4, Funny)
Uh-oh, looks like you got missed out the punctuation and got the words in the wrong order! You clearly meant:
God, is stupid science there? Is that religion? Get some religion! Karma should fuck me good.
Yeah, that makes more sense.
Not fair! (Score:3, Funny)
Re:Not fair! (Score:5, Funny)
Re: (Score:1)
How it's written probably doesn't matter. Heathrow Airport has almost certainly patented the invention, and will go after the winner(s) of the competition with every platoon of lawyers at its disposal.
Re: (Score:3, Interesting)
Hardly. It is supposed to be "short, readable, clear and innocent". What are the odds that any of the airline production code meets that description?
Depends on the function -- if it's mission critical, you bet your ass it'll be documented and readable. Considering that most ATC technical failures are hardware, not software-based, that should say something. The problem is that while the code is quite well-documented, few people are left with the training or understanding of it to port it to newer systems, and it's not like they can ground all flights for a week to do an upgrade. So we're left with mainframes that were out of date in the 70s being used to
Re: (Score:2)
The problem is that while the code is quite well-documented, few people are left with the training or understanding of it to port it to newer systems,
Because its written in COBOL, and when any new analysis/developers come in and suggest porting it to something else, all the geezers clutch their hearts and moan.
We've had tools to reverse engineer, document and port code from practically any language to any other for years (a decade in cases I'm familiar with, actually). There's no excuse for keeping dead languages or platforms around any longer.
and it's not like they can ground all flights for a week to do an upgrade.
Nobody just pulls the plug on an old system, rolls in a new one and says, "Boy, I hope this will work!" Even for
Re: (Score:2)
Airlines don't write Air Traffic Control code. That's the FAA's job. The luggage routing software that routes your bag to Boston when you're going to New York is the airline's responsibility.
Also, there's no guarantee that "mission critical" implies readable or documented. Arguably, the reason the FAA is having so much trouble introducing a new flight control system is that the old one is so poorly documented, porting it to newer hardware is extremely difficult.
Re: (Score:2)
Depends on the function -- if it's mission critical, you bet your ass it'll be documented and readable.
Not if someone bet their ass it won’t crash inexplicably and need to be fixed or rewritten.
Re: (Score:1, Funny)
Re: (Score:2)
include airport.c
baggage==random();
Something like that?
(IANAP, obviously :)
Re:Not fair! (Score:4, Insightful)
Hardly. It is supposed to be "short, readable, clear and innocent". What are the odds that any of the airline production code meets that description?
Hardly. It is supposed to be "short, readable, clear and innocent". What are the odds that any software written in C meets that description?
There, fixed.
Re: (Score:3, Interesting)
Re: (Score:2)
Wait a sec... (Score:4, Funny)
| This year's challenge: write a luggage routing program that mysteriously misroutes a customer's bag if a check-in clerk places just the right kind of text in a comment field.
What, we actually need to write code for something that happens by nature?
Re:Wait a sec... (Score:4, Funny)
"Package Handler,
Customer was an asshat...you know what to do"
was starting to get noticed
Re: (Score:2)
What, we actually need to write code for something that happens by nature?
Their logic is sound:
Code written not to make this mistake will make it. How do you solve the problem? Write code that does make the mistake. The resulting software will then, logically, avoid making the mistake.
Easy? (Score:2, Interesting)
Public Static String default_Address = "1600 Pennsylvania Ave NW, Washington, DC 20500, USA" --- hide this somewhere
Private Sub Void Route_Bagggage(bag b)
{
if (comment.text == NULL)
{
b.destination = default_Address
}
else
{
b.destination = comment.text
}
}
Or do I have to make it slightly more deceptive?
Re:Easy? (Score:5, Informative)
Re: (Score:2)
LoL - I know.
But wouldn't that be as easy as testing for whatever the secret comment is (for example, top-heavy) - when that's true, set off a top heavy flag (boolean). Then go somewhere towards the end of the Example, for example the final routing stages, where the destination has already been set by the clerk and confirmed it - and alter the shipping address that way? Like say the overview stage where they clerk reviews all the information, then submits it.
I mean - to me, I cannot think of a single scenar
Code Review vs. Debugger (Score:2)
The point of something like "Underhanded C" would be more about hiding something from a code review than GDB. That code would easily trigger red flags in a code review...
Re: (Score:1)
Re: (Score:1, Informative)
Properly done there would be no boolean indicating t
Re: (Score:2)
(assuming they don't know what the secret comment is in advance)
Thats the kicker though. If its a single occurance (meaning a very rare comment) then it wouldn't be very difficult to hide it at all, especially if you are the one who programs the entire algorithm start to finish.
If it occurs multiple times, this "routing error" then the pattern is predictable, and they know -EXACTLY- where the problem will be. Testing with a regular expression and/or hashes won't change it one bit if you know what generates the error (the comment).
And I assume they want you to route the
Re: (Score:2)
Who says it has to be a single comment? Perhaps you could make so that, if the comment starts with 'a', it routes to an alternate destination that's randomized based on the contents of the comment. That would be hell to debug, since the program would end up producing different outputs from the same input.
Re: (Score:2)
Re: (Score:2)
To answer your first question, you're partially correct that a debugger can do wonders to highlight malicious code. Of course, as you point out, knowing when and where to use a debugger can be a little challenging. And then the realization that unless exceptional care is taken, the code you're stepping though might not even contain or reveal the exploit. (Since the mere act of viewing the byte code in a debugger can change affect it's operation.) There's one story that really opened my eyes to the possi
Re: (Score:2)
Of course, a C compiler produces bytes, not byte code. Existing malware will hide from a debugger by changing what that debugger shows the developer. At least one new virus has been spotted in the wild this way (a developer debugging his own code started seeing memory that just couldn't be right).
I'd be interested to see how the DOD does code reviews to spot a Thompson hack. Manually reconcile source and object after each compile? That sounds a bit unwieldy, to say the least - plus whatever tool you use
Re: (Score:1)
I'm thinking the best way would be an overflow in an array that flips the most significant digit of the target zip code. But I'm not a coder, so someone else can steal my idea.
Re: (Score:2)
Actually, I'd probably go with a packed data structure in which the string is allowed to overflow by one byte into the zip code integer or similar. Then, it will appear to be perfectly innocuous and functional. However, if you enter a string that is one byte too long, the top byte of the zip code integer becomes zero. Of course, it will always be zero on a big endian machine (assuming a 32-bit integer) because you only need the bottom 17 bits to hold all 5-digit zip codes. However, on little endian mach
Re: (Score:2)
You could also overflow into an integer that contains a normally constant value of 1 that points into an array of pointers that changes depending on whether you are using version 1 or 2 of the data structure. When the value overflows, it resets it to zero and using version 1 on a version 2 data structure causes the contents of the comment to be used for the address.
Re: (Score:1, Interesting)
In other words, you need to replace an == with an = in just the right location (or vice versa) so that while it looks like you're doing a sanity check, you're actually assigning a stealth variable.
To make it even better, you need to set it up so that this causes a buffer overflow, and you're actually overwriting another variable. THEN, you go back and do a sanity check on the original value which corrects the mistake caused by the ==/= replacement. That way, someone sees the mistake, but sees that it is p
Re:Easy? (Score:5, Funny)
C motherfucker, do you speak it?!
Re: (Score:2)
O, stewardess! I speak Java.
Re: (Score:2)
"What" ain't no country I've ever heard of. They speak C in What?
Re: (Score:2)
Yeah. You easily failed! ^^
The whole point of the contest is, that there is no “hide somewhere”. All the code must pass an inspection and look reasonable.
A challenge? (Score:1, Funny)
It seems like this has already been done and is in use at airports worldwide.
Possibilities (Score:4, Interesting)
I don't have the time for something like this, but it seems to me a good possibility would be to have all of your inputs that the clerk fills out be contiguous in memory, including the destination, have the algorithm to figure out what destination to go to scan through the whole destination string looking for matches (rather than looking for an exact match) and taking the last one it finds, and have a broken bounds check for the length of that string so that the algorithm looks into the comments section as well.
So, for example, if the clerk fills out the destination as "LAX" but writes in the comments section, "Do not confuse his bags with those owned by CID who is also going to a different final destination; they're very similar looking.", the bags would be routed to Cedar Rapids (CID) instead of Los Angeles (LAX).
Re: (Score:3, Interesting)
Example [ex-designz.net] on this page
Re: (Score:3, Interesting)
Re: (Score:2)
Yeah, that's totally the way to go, if it's allowed. I wonder how much live code can be broken by an injection starting with ]]> because someone just crammed an input string into a CDATA section. Deliberately allowing this would be quite subtle.
Re: (Score:2)
“Um, why are you using sockets to do this? We just asked for you to read some luggage records from stdin and send the output to stdout.”
Re: (Score:2)
Because the first is the starting airport, then any intermediate airports, then the destination airport.
Re: (Score:2)
Not according to the record definition:
time luggageID flightID depart arrive comment
time: int
luggageID: char[9], 2 letters, 6 digits, terminated by whitespace
flightID: char[7], 2 letters, 1-4 digits, terminated by whitespace
depart: char[4], 3 letters terminated by whitespace
arrive: char[4], 3 letters terminated by whitespace
comment: char[], any length of alphanumeric data terminated only by \n
No intermediate airports are given, according to this template. Flights with layovers are given in two records, one
Candy from a baby (Score:1)
Re: (Score:1)
I wrote an experimental javascript blackjack prog where if I type in "upupdowndownleftrightleftrightBASTARD" I always win. Seemed like a good, easy to remember input combo. :)
Contest or Job Posting? (Score:5, Funny)
a luggage routing program that mysteriously misroutes a customer's bag
sounds like Delta is looking for new programmers
Re:Contest or Job Posting? (Score:5, Funny)
I'm really impressed (Score:4, Informative)
I've read the entire blog, and I must say, I'm impressed. Very impressed. Very, very impressed.
The person who writes the criteria knows what he's/she's writing about.
And the winners who submit the results are really, really good.
Re:I'm really impressed (Score:5, Interesting)
Here's some points I'd like to highlight, from the 2008 Winners.
All I can say is, Wow.
Re: (Score:2)
I also started looking up past winners, Johns explanation/justification code was brilliant. I had no idea such evilness could be so cleverly concealed.
Re:I'm really impressed (Score:4, Funny)
I also started looking up past winners, Johns explanation/justification code was brilliant. I had no idea such evilness could be so cleverly concealed.
So you're new to C?
For extra points: (Score:5, Funny)
If you manage to get this into the GNU/Linux Kernel, you get a job at the NSA.
Write short, readable, perfectly innocent looking C code, that somehow commits an evil act under certain circumstances.
Re:For extra points: (Score:4, Funny)
Re: (Score:2)
I always thought Windows, including the Python interpreter, was written in Python?
Re: (Score:2)
Well, it does have "cool effects" (readable) and "was rewritten from the ground up to be fast and light" (supposedly short) while maintaining the normal Windows work flow (innocent.) /sarcasm
Re: (Score:2)
But what project accepts code as specialized on a specific task as this?
Is there such a do-all software?
Oh, wait... there’s Emacs, of course! ^^
Re: (Score:3, Informative)
Technology makes many things obsolete ... (Score:2)
So that's what happened at DIA! (Score:1, Redundant)
But years before the contest.
http://en.wikipedia.org/wiki/Denver_International_Airport#Automated_baggage_system [wikipedia.org]
http://users.csc.calpoly.edu/~dstearns/SchlohProject/problems.html [calpoly.edu]
The second article sounds familiar. All the warning signs of a risky project failure were there, but no one seemed to know it or pay attention.
Developers: 5th Underhanded C Contest Now Open (Score:2)
I have a program, actually a large system, that sends boxes to different areas in warehouse depending from various aspects. Sending/transfer is done by conveyor belts and sometimes even with robots. Boxes are actual physical boxes containing food items.
It has a little defect though which I've been unable to track down. Sometimes when it tries to send box to place A the box is actually found in place B but the UI tells that it is located in places C and D, which of course is impossibility.
Unfortunately it is
Re: (Score:2)
If it was written in C, wouldn't the boxes in A and B overwrite it?
Re: (Score:2)
Possibly yes, but it would duplicate as C and D. And before you know it world would be full of Cs and Ds!
Useless use of Cat (Score:2)
Doesn't the example on the contest page qualify as Useless Use of Cat?
i.e., shouldn't this line: ./lug UA129086 - - -
cat luggage.dat |
be this: ./lug UA129086 - - - http://en.wikipedia.org/wiki/Cat_(Unix)#Useless_use_of_cat
Re: (Score:2)
Re: (Score:2)
He typed,
Slashcode ate his angle braces.
And yes, that line would be equivalent... as would, ./lug UA129086 - - -
< luggage.dat
However, get a > where you meant for a < and you’ll be having an epic oh-fuck moment.
No change in functionality (Score:2)
If the code has a comment field for special handling, you wouldn't need much to do this. The biggest problem would be to make it so that somebody can't correlate bad handling to the comment. You might want to have a 'bad handling' string that varies from hour to hour, one that is displayed as part of a 'quote of the moment'.
Something like (Score:2)
Write up of last entry (Score:5, Informative)
I am the winner of the previous underhanded C contest. If anyone is interested, I wrote up a description of my entry on my blog here: http://notanumber.net/archives/54/underhanded-c-the-leaky-redaction [notanumber.net]
It was a fun contest to enter and now I can shop at thinkgeek for silly gadgets without feeling guitly :)
Re: (Score:2)
I loved your solution, by the way. Will you be entering this year’s contest – or have you already? (Okay, so it’s only two days in as of yet...)
Re: (Score:1, Interesting)
IOCC rocks!
korn.c [ioccc.org] is a good example, probably one of the best one-liner programs I have seen.
Re: (Score:1)
Re: (Score:1)
'unix' is a preprocessor constant:
(It should be defined like that on unix/linux systems)
Ah, that's exactly what I was missing. Thanks!
Re:This sounds familiar to, (Score:5, Funny)
I was going to say, don't forget Perl programmers, but then I remembered the legibility requirement.
Re: (Score:2)
The Perl programmers weren't forgotten, just implicitly passed in.
Totally opposite (Score:5, Informative)
The true "Underhanded" program would be one that was perfectly readable, so readable in fact that you totally overlook the sneaky thing it was doing because what you think it's doing seems so clear.
The ObsfuC contest is all about code that even after staring you can't tell what the heck is going on.
Re: (Score:1, Offtopic)
Re: (Score:1)
Way to out yourself as an AC troll.
You just figured this out? He's been posting as an AC troll for ages.
Re: (Score:2)
Re: (Score:2)
"write short, readable, clear and innocent C code"
1. None of the above adjectives apply to C.
See, thats why its a contest. It has nothing to do with the scenario.
Re: (Score:2)
Well, that's the challenge. The misrouting part is easy.
(I'm only partly kidding. :P )
Re: (Score:2)
You’re joking, but you’re correct. The challenge is making the program ever do what it’s supposed to. It’s deceptively simple... then you start looking at it and you realise it’s more complicated than you thought. Making the 2nd leg of a non-direct flight go away when the 1st leg was superseded by a newer entry, for example.
Re: (Score:2)
What happened to it?
Slashdot covered this [slashdot.org].