Information Security News mailing list archives
USENIX: Unstable code can lead to security vulnerabilities
From: InfoSec News <alerts () infosecnews org>
Date: Fri, 20 Jun 2014 09:44:13 +0000 (UTC)
http://www.computerworld.com/s/article/9249246/USENIX_Unstable_code_can_lead_to_security_vulnerabilities By Joab Jackson IDG News Service June 19, 2014As if tracking down bugs in a complex application isn't difficult enough, programmers now must worry about a newly emerging and potentially dangerous trap, one in which a program compiler simply eliminates chunks of code it doesn't understand, often without alerting the programmer of the missing functionality.
The code that can lead to this behavior is called optimization-unstable code, or "unstable code," though it is more of a problem with how compilers optimize code, rather than the code itself, said Xi Wang, a researcher at the Massachusetts Institute of Technology. Wang discussed his team's work at the USENIX annual technical conference, being held this week in Philadelphia.
With unstable code, programs can lose functionality or even critical safety checks without the programmer's knowledge.
That this problem is only now coming to the attention of researchers may mean that many programs considered as secure, especially those written in C or other low-level system languages, may have undiscovered vulnerabilities.
[...] -- Evident.io - Continuous Cloud Security for AWS. Identify and mitigate risks in 5 minutes or less. Sign up for a free trial @ https://evident.io/
Current thread:
- USENIX: Unstable code can lead to security vulnerabilities InfoSec News (Jun 20)