C dangerous?

Discussion in 'C Programming' started by Bill Cunningham, Feb 17, 2004.

  1. I read an article in a book about Perl and Common Gateway Interface and it
    mentioned C. It said that C could damage your computer. I don't know whether
    it meant the standard or compiler issues. I was a little upset. Well more
    upset. I sent Dennis Ritchie an email. I don't know if he'll respond if he
    gets it. Sometimes he does sometimes not. How can C damage your computer?

    Bill





    Bill Cunningham, Feb 17, 2004
    #1

  2. "Bill Cunningham" <> writes:

    | I read an article in a book about Perl and Common Gateway Interface and it
    | mentioned C. It said that C could damage your computer. I don't know whether
    | it meant the standard or compiler issues. I was a little upset. Well more
    | upset. I sent Dennis Ritchie an email. I don't know if he'll respond if he
    | gets it. Sometimes he does sometimes not. How can C damage your computer?

    The only way of damaging the computer with C I can think of is
    programming a bad kernel-driver trashing on some extremely fragile
    hardware. Otherwise, your OS is broken. :)

    However, what is probably meant is that using C from CGI requires
    quite some caution. Since a CGI program receives input from any (and
    potentially malicious) users, it must take a lot of precautions. For
    example, passing your arguments unchecked to a shell is a bad idea,
    for then an example "; rm -rf /" wipes clean whatever the http-user can
    delete.

    Perl has (in addition to dynamic arrays etc.) something called
    taint-mode that can identify some of these issues and take appropriate
    action (abort).

    So to summarize: It is very unlikely that a C program actually damages
    your computer, but a broken C program can mess
    (read/forward/delete/whatever) the files the user running the C
    program has access to. And since you through CGI let anyone run this
    program, this is a major security concern.

    Cheers
    Chris.

    --
    email address available at http://www.ifi.uio.no/~erikd/index.cgi
    Christopher Dyken, Feb 17, 2004
    #2
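The shell hazard described in the post above, as an added example that is not part of the original thread: the same parameter handed to a shell command line and to `execv` with an argument array, plus an allow-list check in the spirit of taint checking. The function names, the 64-character policy and the use of `/bin/echo` as a stand-in for the real helper program are assumptions, the payload is a constructed harmless string, and a POSIX system is assumed.

```c
#define _POSIX_C_SOURCE 200809L
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Allow-list (hypothetical policy): 1..64 chars of [A-Za-z0-9._-], no leading '-' or '.'. */
int is_safe_arg(const char *s)
{
    if (!*s || *s == '-' || *s == '.' || strlen(s) > 64) return 0;
    for (; *s; s++)
        if (!isalnum((unsigned char)*s) && !strchr("._-", *s))
            return 0;
    return 1;
}

static int count_lines(FILE *in)
{
    char buf[256];
    int lines = 0;
    while (fgets(buf, sizeof buf, in)) lines++;
    return lines;
}

/* UNSAFE: parameter pasted into a shell command line; ';' splits commands. */
int via_shell(const char *param)
{
    char cmd[256];
    if (snprintf(cmd, sizeof cmd, "echo %s", param) >= (int)sizeof cmd) return -1;
    FILE *p = popen(cmd, "r");
    if (!p) return -1;
    int lines = count_lines(p);
    pclose(p);
    return lines;
}

/* No shell: exec with an argv array; the parameter is one literal argument. */
int no_shell(const char *param)
{
    int fd[2], lines = -1;
    if (pipe(fd) != 0) return -1;
    pid_t pid = fork();
    if (pid == 0) {                      /* child: stdout -> pipe */
        char *const argv[] = { "echo", (char *)param, NULL };
        dup2(fd[1], STDOUT_FILENO);
        close(fd[0]); close(fd[1]);
        execv("/bin/echo", argv);
        _exit(127);
    }
    close(fd[1]);
    FILE *in = pid > 0 ? fdopen(fd[0], "r") : NULL;
    if (in) { lines = count_lines(in); fclose(in); } else close(fd[0]);
    if (pid > 0) waitpid(pid, NULL, 0);
    return lines;
}

/* CGI handler policy: validate first, and still avoid the shell. */
int handle_param(const char *param)
{
    return is_safe_arg(param) ? no_shell(param) : -1;
}

int main(void)
{
    const char *p = "x; echo INJECTED";  /* constructed, harmless payload */
    printf("%d %d %d\n", via_shell(p), no_shell(p), handle_param(p));
    return 0;
}
```

Each function returns the number of output lines: the shell version runs two commands for the constructed payload, the `execv` version prints it as a single literal argument, and the validating handler refuses it outright.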

  3. Bill Cunningham

    David Rubin Guest

    Bill Cunningham wrote:

    > I read an article in a book about Perl and Common Gateway Interface and it
    > mentioned C. It said that C could damage your computer. I don't know whether
    > it meant the standard or compiler issues. I was a little upset. Well more
    > upset. I sent Dennis Ritchie an email. I don't know if he'll respond if he
    > gets it. Sometimes he does sometimes not. How can C damage your computer?
    >
    > Bill


    The issue is really that if you don't C, you could accidentally push
    your computer off the table...

    /david

    --
    Andre, a simple peasant, had only one thing on his mind as he crept
    along the East wall: 'Andre, creep... Andre, creep... Andre, creep.'
    -- unknown
    David Rubin, Feb 17, 2004
    #3
  4. Bill Cunningham

    gabriel Guest

    > How
    > can C damage your computer?


    Blah, just some language zealot. They're a dime a dozen.

    --
    gabriel
    gabriel, Feb 17, 2004
    #4
  5. "Christopher Dyken" <> wrote in message
    news:...
    > The only way of damaging the computer with C I can think of is
    > programming a bad kernel-driver trashing on some extremely fragile
    > hardware. Otherwise, your OS is broken. :)
    >
    > However, what is probably meant is that using C from CGI requires
    > quite some caution. Since a CGI program receives input from any (and
    > potentially malicious) users, it must take a lot of precautions. For
    > example, passing your arguments unchecked to a shell is a bad idea,
    > for then an example "; rm -rf /" wipes clean whatever the http-user can
    > delete.
    >
    > Perl has (in addition to dynamic arrays etc.) something called
    > taint-mode that can identify some of these issues and take appropriate
    > action (abort).
    >
    > So to summarize: It is very unlikely that a C program actually damages
    > your computer, but a broken C program can mess
    > (read/forward/delete/whatever) the files the user running the C
    > program has access to. And since you through CGI let anyone run this
    > program, this is a major security concern.
    >
    > Cheers
    > Chris.
    >

    Dennis wrote me back and I'm not quite sure I understood what he was trying
    to say so I'll post his response. Maybe someone will understand better.
    /* Dennis's response */
    At least some graphics cards were able to
    destroy a monitor if the settings were wrong
    enough. And of course you can overwrite your
    disk, but that's different.

    However, it's likely that these things could
    be done in Perl as well.

    /* End Dennis's response */

    Does anyone understand this a little better than me?

    Bill





    Bill Cunningham, Feb 17, 2004
    #5
  6. Bill Cunningham <> scribbled the following:
    > Dennis wrote me back and I'm not quite sure I understood what he was trying
    > to say so I'll post his response. Maybe someone will understand better.
    > /* Dennis's response */
    > At least some graphics cards were able to
    > destroy a monitor if the settings were wrong
    > enough. And of course you can overwrite your
    > disk, but that's different.


    > However, it's likely that these things could
    > be done in Perl as well.


    > /* End Dennis's response */


    > Does anyone understand this a little better than me?


    I think what dmr / Dennis / Mr.Ritchie (choose your style) is trying to
    say is that actually damaging your computer programmatically requires
    native machine code. This machine code doesn't have to be typed in by
    hand though - it can have been compiled from C, Perl, or whatever.
    Sometimes you don't even need that - some languages specify interfaces
    to native machine code. That is, you call a function (in C terminology)
    where the calling interface is in C, Perl, or whatever, but the actual
    function code is in native machine code. Graphics cards drivers usually
    do this. Doing things with your graphics card is way beyond C's
    abilities, but it can be done in native machine code, and people who
    write graphics card drivers usually write their code so that it allows
    functions to be called through a C interface.

    --
    /-- Joona Palaste () ------------- Finland --------\
    \-- http://www.helsinki.fi/~palaste --------------------- rules! --------/
    "C++. C++ run. Run, ++, run."
    - JIPsoft
    Joona I Palaste, Feb 17, 2004
    #6
  7. Bill Cunningham wrote:

    > Dennis wrote me back


    Dennis who?

    > and I'm not quite sure I understood what he was trying to say
    > so I'll post his response.


    Did you get his permission to post this response?
    E. Robert Tisdale, Feb 17, 2004
    #7
  8. "Bill Cunningham" <> writes:
    | Dennis wrote me back and I'm not quite sure I understood what he was trying
    | to say so I'll post his response. Maybe someone will understand better.
    | /* Dennis's response */
    | At least some graphics cards were able to
    | destroy a monitor if the settings were wrong
    | enough. And of course you can overwrite your
    | disk, but that's different.
    |
    | However, it's likely that these things could
    | be done in Perl as well.
    |
    | /* End Dennis's response */
    |
    | Does anyone understand this a little better than me?

    I think I understand your question in the same way Dennis does: You
    wonder if it is possible for a program written in C to physically
    damage your computer.

    And the answer to this is "very unlikely". And if you don't do kernel
    programming, "not at all".

    (However, poking around in the memory using perl is substantially more
    difficult than doing it in C. But I have trouble seeing how this
    relates to CGI.)

    Bad design of a C/perl/python/assembler/whatever program can cripple
    any data the user who is running the program has access to. What means
    different languages/run-time systems apply to prevent this varies. But
    perl can mess up your files as easily as C. But this doesn't
    physically harm your computer.


    Cheers,
    Chris.

    --
    email address available at http://www.ifi.uio.no/~erikd/index.cgi
    Christopher Dyken, Feb 17, 2004
    #8
  9. Bill Cunningham wrote:
    > I read an article in a book about Perl and Common Gateway Interface and it
    > mentioned C. It said that C could damage your computer. I don't know whether
    > it meant the standard or compiler issues. I was a little upset. Well more
    > upset. I sent Dennis Ritchie an email. I don't know if he'll respond if he
    > gets it. Sometimes he does sometimes not. How can C damage your computer?
    >
    > Bill


    The C language cannot damage your computer. An
    executable program can, regardless of the language
    it was written in. I can write a program in assembly
    that will trash your harddrive and play havoc on
    your graphics card. I could write it in C, C++
    and Basic as well. The danger only lies in the
    execution of said program.

    --
    Thomas Matthews

    C++ newsgroup welcome message:
    http://www.slack.net/~shiva/welcome.txt
    C++ Faq: http://www.parashift.com/c -faq-lite
    C Faq: http://www.eskimo.com/~scs/c-faq/top.html
    alt.comp.lang.learn.c-c++ faq:
    http://www.raos.demon.uk/acllc-c /faq.html
    Other sites:
    http://www.josuttis.com -- C++ STL Library book
    Thomas Matthews, Feb 17, 2004
    #9
  10. "Joona I Palaste" <> wrote in message
    news:c0tu4n$g2b$...
    >
    > I think what dmr / Dennis / Mr.Ritchie (choose your style) is trying to
    > say is that actually damaging your computer programmatically requires
    > native machine code. This machine code doesn't have to be typed in by
    > hand though - it can have been compiled from C, Perl, or whatever.
    > Sometimes you don't even need that - some languages specify interfaces
    > to native machine code. That is, you call a function (in C terminology)
    > where the calling interface is in C, Perl, or whatever, but the actual
    > function code is in native machine code. Graphics cards drivers usually
    > do this. Doing things with your graphics card is way beyond C's
    > abilities, but it can be done in native machine code, and people who
    > write graphics card drivers usually write their code so that it allows
    > functions to be called through a C interface.
    >

    Are you saying device drivers should probably be written in assembly? Or
    maybe straight binary?

    Bill





    Bill Cunningham, Feb 17, 2004
    #10
  11. Richard Heathfield, Feb 17, 2004
    #11
  12. Bill Cunningham wrote:

    > How can C damage your computer?


    /* The social engineering technique */
    #include <stdio.h>
    int main(void)
    {
        puts("Please destroy the computer with an axe.");
        puts("If you don't have an axe, at least");
        puts("hit the monitor with a chair.");
        puts("Thank you.");
        return 0;
    }

    /* The system-specific technique */
    #include <stdlib.h>
    int main(void)
    {
        system("insert system-trashing command here");
        return 0;
    }

    /* The undefined behaviour technique (not guaranteed, alas) */
    void main() { gets(0); }

    /* The Windows technique - this one caused
     * a disk failure on my Windows 2000 box
     */
    #include <stdio.h>
    int main(void)
    {
        int i;
        for(i = 0; i < 1000; i++)
        {
            printf("\t\b\b\b\b\b");
            fflush(stdout);
        }

        return 0;
    }


    Anyone care to add to the list?


    Note: none of these problems is unique to C. If a programming language can
    access your hardware, it can almost certainly /damage/ your hardware too.
    And even if it can't, it might be able to trick the /user/ into damaging
    your hardware. With an axe.

    C is dangerous in the same way that any powerful tool can be dangerous if
    handled maliciously or incompetently. A scalpel is dangerous in the hands
    of an infant or a psychopath, but remains useful in the hands of a surgeon.

    If you don't want to use a powerful tool, try some other language.

    --
    Richard Heathfield :
    "Usenet is a strange place." - Dennis M Ritchie, 29 July 1999.
    C FAQ: http://www.eskimo.com/~scs/C-faq/top.html
    K&R answers, C books, etc: http://users.powernet.co.uk/eton
    Richard Heathfield, Feb 17, 2004
    #12
  13. Bill Cunningham

    David Rubin Guest

    Bill Cunningham wrote:

    [snip - how to destroy your computer]
    > /* Dennis's response */
    > At least some graphics cards were able to
    > destroy a monitor if the settings were wrong
    > enough. And of course you can overwrite your
    > disk, but that's different.
    >
    > However, it's likely that these things could
    > be done in Perl as well.


    http://www.duk0r.net/matrix/107.jpg

    /david

    --
    Andre, a simple peasant, had only one thing on his mind as he crept
    along the East wall: 'Andre, creep... Andre, creep... Andre, creep.'
    -- unknown
    David Rubin, Feb 17, 2004
    #13
  14. Christopher Dyken wrote:

    > Bad design of a C/perl/python/assembler/whatever program can cripple
    > any data the user who is running the program has access to. What means
    > different languages/run-time systems apply to prevent this varies. But
    > perl can mess up your files as easily as C. But this doesn't
    > physically harm your computer.
    >
    >
    > Cheers,
    > Chris.
    >


    Unless it has access to the assembly instruction
    "HCF" - halt and catch fire :)

    --
    Ñ
    "It is impossible to make anything foolproof because fools are so
    ingenious" - A. Bloch
    Nick Landsberg, Feb 17, 2004
    #14
  15. Bill Cunningham

    nrk Guest

    [OT] Re: C dangerous?

    Richard Heathfield wrote:

    > Bill Cunningham wrote:
    >
    >> How can C damage your computer?

    >
    > /* The social engineering technique */
    > #include <stdio.h>
    > int main(void)
    > {
    > puts("Please destroy the computer with an axe.");
    > puts("If you don't have an axe, at least");
    > puts("hit the monitor with a chair.");
    > puts("Thank you.");
    > return 0;
    > }
    >
    > /* The system-specific technique */
    > #include <stdlib.h>
    > int main(void)
    > {
    > system("insert system-trashing command here");
    > return 0;
    > }
    >
    > /* The undefined behaviour technique (not guaranteed, alas) */
    > void main() { gets(0); }
    >
    > /* The Windows technique - this one caused
    > * a disk failure on my Windows 2000 box
    > */


    I am not sure if you're joking or serious here. Did it really happen? If
    it did... well, I never... That code crashes the hard disk???? Seriously, I
    don't even see undefined behavior in there.

    -nrk.

    > #include <stdio.h>
    > int main(void)
    > {
    > int i;
    > for(i = 0; i < 1000; i++)
    > {
    > printf("\t\b\b\b\b\b");
    > fflush(stdout);
    > }
    >
    > return 0;
    > }
    >
    >
    > Anyone care to add to the list?
    >
    >
    > Note: none of these problems is unique to C. If a programming language can
    > access your hardware, it can almost certainly /damage/ your hardware too.
    > And even if it can't, it might be able to trick the /user/ into damaging
    > your hardware. With an axe.
    >
    > C is dangerous in the same way that any powerful tool can be dangerous if
    > handled maliciously or incompetently. A scalpel is dangerous in the hands
    > of an infant or a psychopath, but remains useful in the hands of a
    > surgeon.
    >
    > If you don't want to use a powerful tool, try some other language.
    >


    --
    Remove devnull for email
    nrk, Feb 17, 2004
    #15
  16. [OT] Re: C dangerous?

    Nick Landsberg <> writes:

    | Christopher Dyken wrote:
    >
    >> Bad design of a C/perl/python/assembler/whatever program can cripple
    >> any data the user who is running the program has access to. What means
    >> different languages/run-time systems apply to prevent this varies. But
    >> perl can mess up your files as easily as C. But this doesn't
    >> physically harm your computer.
    >> Cheers,
    >> Chris.
    >>

    >

    | Unless it has access to the assembly instruction
    | "HCF" - halt and catch fire :)

    Has anyone encountered a virus that actually harms the hardware of the
    host computer? The virus-engineers are usually quite clever when it comes
    to malicious code.

    (and I don't mean in an indirect way, e.g. annoying the user beyond
    sanity so the user assaults the hardware from pure frustration)


    Cheers,
    Chris.


    --
    email address available at http://www.ifi.uio.no/~erikd/index.cgi
    Christopher Dyken, Feb 17, 2004
    #16
  17. Re: [OT] Re: C dangerous?

    Christopher Dyken <> writes:

    > Has anyone encountered a virus that actually harms the hardware of the
    > host computer?


    While I have not personally encountered it, a virus existed which tried
    to overwrite the BIOS of PCs which allowed BIOS upgrades without setting
    a jumper on the motherboard. I'm not sure if this should be counted as
    hardware damage, but it certainly had the effect that affected PCs
    wouldn't boot.

    > The virus-engineers are usually quite clever when it comes to malicious
    > code.


    Huh? Most viruses are created with a few clicks in a virus construction
    kit. If virus writers were actually clever, the world would be very
    different.


    --
    ,--. Martin Dickopp, Dresden, Germany ,= ,-_-. =.
    / ,- ) http://www.zero-based.org/ ((_/)o o(\_))
    \ `-' `-'(. .)`-'
    `-. Debian, a variant of the GNU operating system. \_/
    Martin Dickopp, Feb 17, 2004
    #17
  18. Re: [OT] Re: C dangerous?

    nrk wrote:

    > Richard Heathfield wrote:
    >
    >> Bill Cunningham wrote:
    >>
    >>> How can C damage your computer?

    >>
    >> /* The social engineering technique */
    >> #include <stdio.h>
    >> int main(void)
    >> {
    >> puts("Please destroy the computer with an axe.");
    >> puts("If you don't have an axe, at least");
    >> puts("hit the monitor with a chair.");
    >> puts("Thank you.");
    >> return 0;
    >> }
    >>
    >> /* The system-specific technique */
    >> #include <stdlib.h>
    >> int main(void)
    >> {
    >> system("insert system-trashing command here");
    >> return 0;
    >> }
    >>
    >> /* The undefined behaviour technique (not guaranteed, alas) */
    >> void main() { gets(0); }
    >>
    >> /* The Windows technique - this one caused
    >> * a disk failure on my Windows 2000 box
    >> */

    >
    > I am not sure if you're joking or serious here.


    Of course I am!

    > Did it really happen?


    Yes. The machine restarted spontaneously, and failed to detect the hard
    disks on the restart. (A cold boot fixed it, thank heaven.)

    > If
    > it did... well, I never... That code crashes the hard disk????


    Your mileage may vary. On some Win2K machines, nothing happens, apparently.
    On others, the machine restarts but without the disk problems. It's not
    just Win2K. I believe NT4 and some versions of XP have the same problem. It
    is entirely possible that this problem has since been addressed by a
    bugfi\b\b\b\b\bService Pack.

    > Seriously,
    > I don't even see undefined behavior in there.


    Gotta love Microsoft. Gotta.

    Gotta.

    Gotta love 'em. Right. Yes.

    --
    Richard Heathfield :
    "Usenet is a strange place." - Dennis M Ritchie, 29 July 1999.
    C FAQ: http://www.eskimo.com/~scs/C-faq/top.html
    K&R answers, C books, etc: http://users.powernet.co.uk/eton
    Richard Heathfield, Feb 17, 2004
    #18
  19. Re: [OT] Re: C dangerous?

    Christopher Dyken wrote:

    <snip>

    > Has anyone encountered a virus that actually harms the hardware of the
    > host computer?


    There was an Amiga virus that played tunes on the floppy disk drive by
    adjusting the stepper motor speed. This didn't do the drive any good.

    You might want to take this to alt.folklore.computers or something.

    --
    Richard Heathfield :
    "Usenet is a strange place." - Dennis M Ritchie, 29 July 1999.
    C FAQ: http://www.eskimo.com/~scs/C-faq/top.html
    K&R answers, C books, etc: http://users.powernet.co.uk/eton
    Richard Heathfield, Feb 17, 2004
    #19
  20. Richard Heathfield wrote:

    > Bill Cunningham wrote:
    >
    >
    >>How can C damage your computer?

    >
    >
    > /* The social engineering technique */
    > #include <stdio.h>
    > int main(void)
    > {
    > puts("Please destroy the computer with an axe.");
    > puts("If you don't have an axe, at least");
    > puts("hit the monitor with a chair.");
    > puts("Thank you.");
    > return 0;
    > }
    >
    > /* The system-specific technique */
    > #include <stdlib.h>
    > int main(void)
    > {
    > system("insert system-trashing command here");
    > return 0;
    > }
    >
    > /* The undefined behaviour technique (not guaranteed, alas) */
    > void main() { gets(0); }
    >
    > /* The Windows technique - this one caused
    > * a disk failure on my Windows 2000 box
    > */
    > #include <stdio.h>
    > int main(void)
    > {
    > int i;
    > for(i = 0; i < 1000; i++)
    > {
    > printf("\t\b\b\b\b\b");
    > fflush(stdout);
    > }
    >
    > return 0;
    > }
    >
    >
    > Anyone care to add to the list?
    >

    Yes... you forgot viruses...

    #include <stdio.h>
    #include <stdlib.h>

    int main(void) {
        printf("Your system is affected by ancient virus\n");
        printf("Remove all files from your computer\n");
        printf(" and distribute this virus to your friends.\n");
        return EXIT_SUCCESS;
    }

    :)

    cheers
    e.j.s
    sellountos euripides, Feb 17, 2004
    #20