$30 off During Our Annual Pro Sale. View Details »

How compilers got less terrible

Richo Healey
May 15, 2015
Programming
1
97

How compilers got less terrible

A talk I gave at hushcon east

Richo Healey

May 15, 2015
Tweet

More Decks by Richo Healey

See All by Richo Healey
rust-greatfet
richo
1
580
unrubby
richo
0
290
reverse reverse engineering
richo
0
860
Hacking Electric Skateboards: Vehicle Research for Mortals
richo
1
250
radBIOS: Bsides LV
richo
0
1.1k
building a hipster catapult, or how2own your skateboard
richo
0
1.7k
Debugging with and haxing on Voltron
richo
0
240
#radBIOS: Shouting a database across the room
richo
0
390

Other Decks in Programming

See All in Programming
アクセシビリティを理解するとフロントエンドのテストが楽になる!
nano72mkn
1
1.9k
フロントエンドの書くべきだったテスト、書かなくてよかったテスト
takefumiyoshii
33
12k
Expo Router は Expo 導入の決め手となるか フロントエンドカンファレンス沖縄2023 @Kaito-Dogi
doggy
3
1.7k
長年運用されている Web サービスと 通信をするクライアントを Go で作ってみた話
commojun
0
410
ChatGPTをソフトウェア開発に活用する
fbei_ot
0
150
Open Source - A Journey of Contribution and Collaboration
ivargrimstad
0
930
Voicyの生放送リスナー画面で パフォーマンスチューニングした話
miyuki2203
0
120
Visually experience the beauty of mathematics with p5.js
clown0082
0
1.6k
JSConfjp2023 Storybook駆動開発の再現性と効率化
kinocoboy2
1
2k
カスタマーサポートの信頼性向上 〜社内ツールにおけるSRE活動〜 - NIFTY Tech Day 2023
niftycorp
0
120
supabaseとSvelteKitで作るバックエンドレスなサーバーレスWebサイト / Creating with supabase and SvelteKit Backend-less serverless websites
seike460
PRO
3
1.8k
JakartaEE_for_Spring_OttawaJUG-2023.pdf
ivargrimstad
0
130

Featured

See All Featured
Bootstrapping a Software Product
garrettdimon
PRO
299
110k
Product Roadmaps are Hard
iamctodd
43
9.1k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
656
120k
The Invisible Side of Design
smashingmag
291
49k
We Have a Design System, Now What?
morganepeng
41
6.5k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
44
12k
5 minutes of I Can Smell Your CMS
philhawksworth
199
19k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
152
14k
Thoughts on Productivity
jonyablonski
55
3.5k
Designing for Performance
lara
601
66k
Building Your Own Lightsaber
phodgson
97
5.4k
Clear Off the Table
cherdarchuk
81
300k

Transcript

  1. how compilers got
    less terribad
    richo

    View Slide

  2. or: richo drinks and is
    mad about golang
    richo

    View Slide

  3. who am I
    • security engineering at Stripe
    • work on (and have capital-F Feelings about)
    compilers
    • Co-own the only CVE for a skateboard with mike
    • (Go lookup 2015-2247 it’s pretty lols)
    • wrong island con

    View Slide

  4. What this isn’t
    • Why you should use $technology
    • Why you should not use $technology

    View Slide

  5. Compilers are super neat
    • Sometimes they’ll save you from yourself
    • Sometimes they won’t
    • Sometimes they’ll essentially go out of their way
    to be footguns

    View Slide

  6. what even is a compiler
    Lex tokens Parse AST
    Codegen
    asm
    Assembler
    Object
    Link Executable
    input

    View Slide

  7. int thing(char* s) {
    puts(s);
    }

    View Slide

  8. TOK int
    TOK thing
    LPAREN
    tok void
    STAR
    tok s
    LBRACE
    tok puts
    LPAREN
    STRING hi!
    RPAREN
    SEMI
    RBRACE

    View Slide

  9. FnDecl
    RetVal
    int
    Args
    char* s
    StmtList
    Ident
    thing
    call

    puts
    s

    View Slide

  10. (FnDecl thing ((char* s))
    (apply puts (s))

    View Slide

  11. Sidenote: Golang
    src/cmd/internal/gc/lex.go

    View Slide

  12. Sidenote: Golang
    src/cmd/internal/gc/lex.go

    View Slide

  13. Sidenote: Golang

    View Slide

  14. what even is a compiler
    Lex tokens Parse AST
    Codeg
    asm
    Assem
    Objec
    Link Execu
    input
    Analysis!

    View Slide

  15. what even is a compiler
    Lex tokens Parse AST
    Codeg
    asm
    Assem
    Objec
    Link Execu
    input
    Type checking
    Coherence
    Optimisation

    View Slide

  16. View Slide

  17. View Slide

  18. cool, so why do I give a
    fuck?
    • In the context of safety there are really only two
    high level things you should actually care about:

    View Slide

  19. cool, so why do I give a
    fuck?
    • How hard is it to crash my program?
    • How hard is it for an attacker to make that crash
    turing complete?

    View Slide

  20. View Slide

  21. difficulty of crash ==
    memory safety
    • Naïve solutions, fully managed memory:
    • Refcounting
    • Garbage collection

    View Slide

  22. memory safety: hardcode
    mode
    • Region based analysis:
    • Apple’s ARC
    • Rust’s borrow checker
    • enferex wrote a paper on slapping this onto
    golang

    View Slide

  23. rust’s approach

    View Slide

  24. You can ~always subvert
    this

    View Slide

  25. You can ~always subvert
    this

    View Slide

  26. The thing about people is

    View Slide

  27. View Slide

  28. View Slide

  29. Smashing the Stack

    View Slide

  30. How *did* it work?

    View Slide

  31. An stack frame
    Dataz
    Old frame pointer
    return address

    View Slide

  32. Creating an stack frame
    Dataz
    Old frame pointer
    return address
    mflr r0
    stw r0, 4(r1)
    stwu r1, -16(r1)
    Dataz
    Old frame pointer
    return address

    View Slide

  33. Destroying an stack frame
    Dataz
    Old frame pointer
    return address
    addi r1, r1, 16
    lwz r0, 4(r1)
    mtlr r0
    blr
    Dataz
    Old frame pointer
    return address

    View Slide

  34. ohnoes
    Dataz
    Old frame pointer
    return address
    lwz r3, -16(r1)
    blr sym.gets
    addi r1, r1, 16
    lwz r0, 4(r1)
    mtlr r0
    blr
    Dataz
    Old frame pointer
    return address

    View Slide

  35. View Slide

  36. Why doesn’t this work?
    • SSP: Stack Smashing Protection

    View Slide

  37. • SSP: Stack Smashing Protection

    View Slide

  38. • SSP: Stack Smashing Protection

    View Slide

  39. • SSP: Stack Smashing Protection

    View Slide

  40. Why doesn’t this work?
    • ASLR: envp is randomised

    View Slide

  41. • ASLR: everything! is randomised.. kinda

    View Slide

  42. • ASLR: everything! is randomised.. kinda

    View Slide

  43. • ASLR: everything! is randomised.. kinda

    View Slide

  44. • echo 0 | sudo tee /proc/sys/kernel/
    randomize_va_space

    View Slide

  45. Why doesn’t this work?
    • DEP: the stack isn’t executable

    View Slide

  46. You don’t even have to do that iff:
    * Your overwite is big enough
    * Some idiot made the stack executable

    View Slide

  47. It’s 2015 though

    View Slide

  48. It’s 2015 though
    Noone would do that

    View Slide

  49. *cough*golang*cough*
    https://github.com/golang/go/commit/
    3f34248a7712e451b4217aa135e9236e93ece964

    View Slide

  50. View Slide

  51. RELRO
    • Not actually a great protection, but a fine
    deterrent
    • Some pretty neat WTF about it’s original design

    View Slide

  52. No relro
    .got
    .dtors
    .data
    .bss

    View Slide

  53. Partial RELRO
    .got
    .dtors
    .data
    .bss

    View Slide

  54. FULL RELRO
    .got
    .dtors
    .data
    .bss

    View Slide

  55. One last lol-go

    View Slide

  56. Conclusion
    • I did not actually have a point
    • I just think compilers are neat
    • Rust == Good
    • Go == Good but fucking lulzy if you dare peek
    under the covers
    • Shoutout to ben who lent me a charger at 1 this
    morning

    View Slide

  57. Questions?
    • richo
    • @rich0H
    • github.com/richo
    • some slideshare url, I’ll toot it

    View Slide