flat assembler
Message board for the users of flat assembler.

flat assembler > MenuetOS > MenuetOS developers, how do you make your code secure?

Author
Thread Post new topic Reply to topic
wean_irdeh



Joined: 12 Sep 2018
Posts: 9
Hi devs, I am astonished by your great works! It is such a large scale fasm system, how do you ensure vulnerability won't slip in your code? Thanks in advance

Also what's your opinion on security mitigation available in C compiler like stack smashing protection, W^X memory protection, and so on
Post 13 Sep 2018, 06:16
View user's profile Send private message Reply with quote
DimonSoft



Joined: 03 Mar 2010
Posts: 362
Location: Belarus
I’m not a MenuetOS developer but since my thesis is related to security vulnerabilities I’ll express my view towards tricks like having some elements in the stack used to watch for buffer overruns at runtime.

Since vulnerability is a property of a program it is not practical to look for such bugs at runtime. You can’t really do much except shutting down if any of these tricks notices a vulnerability.
Post 13 Sep 2018, 07:52
View user's profile Send private message Visit poster's website Reply with quote
wean_irdeh



Joined: 12 Sep 2018
Posts: 9
DimonSoft wrote:
...


Thank you for the answer! How about a program that could exploit vulnerability in the kernel?
Post 13 Sep 2018, 10:44
View user's profile Send private message Reply with quote
DimonSoft



Joined: 03 Mar 2010
Posts: 362
Location: Belarus
wean_irdeh wrote:
DimonSoft wrote:
...


Thank you for the answer! How about a program that could exploit vulnerability in the kernel?

What about it? Vulnerability in the kernel is a property of the kernel and can only be effectively detected and fixed before the kernel runs.
Post 13 Sep 2018, 11:36
View user's profile Send private message Visit poster's website Reply with quote
wean_irdeh



Joined: 12 Sep 2018
Posts: 9
DimonSoft wrote:
...


Thanks! Now I have adequate answer
Post 13 Sep 2018, 11:53
View user's profile Send private message Reply with quote
Ville



Joined: 17 Jun 2003
Posts: 209
In kernel, by making sure that a function behaves in a known manner with all the input parameters, whether the result is the wanted functionality or an errormessage. This includes accesss timeouts, parameter limit checks, avoiding memory access conflicts with semaphores (mutex) etc. The same practices which apply to other programming languages.
Post 13 Sep 2018, 12:20
View user's profile Send private message Reply with quote
wean_irdeh



Joined: 12 Sep 2018
Posts: 9
Ville wrote:
...


Thank you for your answer! If I'm not mistaken you are the main developer of MenuetOS, right? How developing things in asm compared to C? Because I heard C isn't low level anymore due to requiring a huge compiler to perform a lot of optimization for its performance to be close to handwritten asm as possible (link: https://queue.acm.org/detail.cfm?id=3212479)
Post 13 Sep 2018, 15:33
View user's profile Send private message Reply with quote
Ville



Joined: 17 Jun 2003
Posts: 209
After a while, you start to think in the terms of the programming language you are using. And as long as the programming environment supports the language with easy API, then programming (in asm) is quite simple. So today, asm for me is simply one programming language among others.
Post 13 Sep 2018, 20:35
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Copyright © 1999-2018, Tomasz Grysztar.

Powered by rwasa.