C dangerous?

[Richard Heathfield]

Well, thanks for educating me here! I need to try this out the next time
I
can lay hands on someone else's XP/2K box This one's even shorter
than the winnuke code (that I have seen in action crashing Win95/98
machines) that exploited some mishandling of OOB TCP data.

Oh yes. Er, yes indeed.

I discovered TCP/IP programming a little later in life than I would have
liked, and was experimenting with stuff I'd found in Stevens some time in
1997 or 1998 (for genuine work reasons, honest!); I discovered, quite by
chance, that broadcasting an OOB packet over a Win95 LAN has - um - a
remarkable effect on co-workers.

It would have been embarrassing, but fortunately nobody seemed to connect
the event with my sudden disappearance from the office for a breath of
fresh air.

 

[Dan Pop]

Of course I am!


Yes. The machine restarted spontaneously, and failed to detect the hard
disks on the restart. (A cold boot fixed it, thank heaven.)

Then, it was not a disk failure, it was an OS failure. Big difference!

Dan

 

[Dan Pop]

I am not sure if you're joking or serious here. Did it really happen? If
it did... well, I never... That code crashes the hard disk???? Seriously, I
don't even see undefined behavior in there.

There isn't. Merely unspecified.

The non-obvious effect of printing "\t\b\b\b\b\b" on the console of
certain high end Windows flavours is a system crash. If the system
crashes at the "right" moment, it can leave the filesystem in a bad
state, so that part of it can become unusable.

Of course, this doesn't qualify as disk failure, but this is a too fine
point for RH.

Dan

 

[Nils Petter Vaskinn]

The non-obvious effect of printing "\t\b\b\b\b\b" on the console of
certain high end Windows flavours is a system crash. If the system
crashes at the "right" moment, it can leave the filesystem in a bad
state, so that part of it can become unusable.

According to RH it was worse than that. The machine didn't detect the
drive on a warm reboot but a cold reboot fixed the problem. That doesn't
sound like filesystem corruption but one or more out of:
1: the electronics on the drive "crashing" or shutting down because of
incorrect traffic on the interface
2: System memory beeing trampled (bios, disk controller, the drive itself)
and left in some kind of corrupted state that a warm reboot doesn't
reset.
3: Nasal demons finding a new habitat in the drive but leaving when
the landlord cuts the electricity for their video games.

Of course, this doesn't qualify as disk failure, but this is a too fine
point for RH.

Since a cold reboot fixed it, and scandisk wasn't mentioned I don't think
we're talking filesystem corruption here.

 

[Darrell Grainger]

Dennis wrote me back and I'm not quite sure I understood what he was trying
to say so I'll post his response. Maybe someone will understand better.
/* Dennis's response */
At least some graphics cards were able to
destroy a monitor if the settings were wrong
enough. And of course you can overwrite your
disk, but that's different.

However, it's likely that these things could
be done in Perl as well.

/* End Dennis's response */

Does anyone understand this a little better than me?

In repsonse to your first question, years ago the average computer user
could get a computer system that allowed them to trash it. The operating
systems twenty years ago did not have as much protection as they do
today. On something like Windows or MacOS it is a lot harder to program at
the raw hardware layer. The operating system gets in your way and protects
you. By the time you figure out how to get around the operating system and
to the hardware directly, you should have enough knowledge not to damage
anything.

Bottom line, if the book was published 15 or 20 years ago it was valid
back then but it is not as much of a concern today.

In response to what Dennis Ritchie indicates, twenty years ago I have a
computer with a video chip. I could write directly to the video chip. I
wrote a program that tried various combinations of values on the video
chip registers. I didn't have any documentation on the video chip so I was
trying to learn by trial and error. My monitor was a fixed sync rate NTSC
video monitor. I accidently told the video chip to send a signal to the
monitor that the monitor was not capable of handling. The monitor caught
fire.

On another computer, it was possible to run some memory mapped code that
would format the hard drive. If my code accidently got corrupted and
program execution got misdirected to that memory location, it would format
my hard drive.

Again, this was twenty years ago. Today's monitors are much more resilent
and the operating system will not let me address the video card directly.
Hard drive controllers are also protected by the operating system. It is
less likely that a badly written program will corrupt your system, damage
the monitor or format your drive. This is not to say it is impossible,
just not likely.

 

[Kenneth Brody]

Bill Cunningham wrote:
[...]

Dennis wrote me back and I'm not quite sure I understood what he was trying
to say so I'll post his response. Maybe someone will understand better.
/* Dennis's response */
At least some graphics cards were able to
destroy a monitor if the settings were wrong
enough. And of course you can overwrite your
disk, but that's different.

However, it's likely that these things could
be done in Perl as well.

/* End Dennis's response */

Does anyone understand this a little better than me?

If you are running an O/S that allows direct access to the video
hardware, then you can program it to do "bad things" as far as the
monitor is concerned. For example, give it a sync signal that is
far enough out of the monitor's range, leave it in that state for
long enough, and something bad will happen to the monitor.

Such things are easy to do with platform-specific extensions to
"C", and Dennis is saying that it may be possible to do the same
things in Perl on such a platform.


<WayBackMachine year="1979">

The TRS-80 Model 2 had its video memory bank-switched with the top
16K(?) of "normal" memory. To access it, you bank-switched it in,
did what you had to do, and switched it out back to "normal" memory.
During this time, the video signal was cut off.

As everyone knows, using the BIOS to display text is much slower
than simply writing to video memory, so that's what was done.

Fast-forward a year to the release of TRS-DOS 2, which included a
print spooler. It's code was placed in the "normal" memory bank
that was swapped out when accessing video memory. It was executed
on the (maskable) clock-tick interrupt.

Put the two previous paragraphs together, and imagine what would
happen if the clock-tick interrupt occurred while the video memory
was swapped in, and interupts are enabled.

The interrupt occurs, and the O/S calls the spooler. Unfortunately,
at the spooler's address there is video memory instead, which does
not make for very good executable code. The machine freezes, with
the video signal still off. Well, the hardware wasn't designed to
run that way for more than a few milliseconds, and (as I recall)
the flyback transformer would overload and explode. (Well, maybe
not "explode", but "die a horrible death" at least.)

</WayBackMachine>


Now, to put this back on-topic...

The following program may cause hardware damage, though the results
are not guaranteed.

======

void main()
{
char *pt, c;

*( pt = pt++ ) = c;

}

======
--

+---------+----------------------------------+-----------------------------+
| Kenneth | kenbrody at spamcop.net | "The opinions expressed |
| J. | http://www.hvcomputer.com | herein are not necessarily |
| Brody | http://www.fptech.com | those of fP Technologies." |
+---------+----------------------------------+-----------------------------+

 

[Kenneth Brody]

Christopher Dyken wrote:
[...]

| Does anyone understand this a little better than me?

I think I understand your question in the same way Dennis does: You
wonder if it is possible for a program written in C to physically
damage your computer.

And the answer to this is "very unlikely". And if you don't do kernel
programming, "not at all".

It depends on the O/S. Any "real" O/S will provide hardware abstraction
at some level. Some, like MS-DOS, allow you do to anything at any time
with any piece of hardware that you like.

Could a user application on a Unix box damage hardware? As you say,
"very unlikely", unless there is a poorly written device driver that
will allow bad control data to be passed to it without checking.

(However, poking around in the memory using perl is substantially more
difficult than doing it in C. But I have trouble seeing how this
relate to CGI.)

CGI is more likely to damage files than hardware, if it doesn't protect
itself from malicious user input. But, as someone pointed out, Perl
has a mode to detect most of these automatically, whereas in C you
would have to code the protection yourself. (This is obviously doable.
After all, isn't Perl itself written in C?)

[...]

--

+---------+----------------------------------+-----------------------------+
| Kenneth | kenbrody at spamcop.net | "The opinions expressed |
| J. | http://www.hvcomputer.com | herein are not necessarily |
| Brody | http://www.fptech.com | those of fP Technologies." |
+---------+----------------------------------+-----------------------------+

 

[Richard Bos]

\b (backspace) Moves the active position to the previous position on
the current line. If the active position is at the initial position
of a line, the behavior of the display device is unspecified.

[...]

\t (horizontal tab) Moves the active position to the next horizontal
tabulation position on the current line. If the active position is
at or past the last defined horizontal tabulation position, the
behavior of the display device is unspecified.

Given this specification and that it is not specified where the "next
horizontal tabulation position" is, I think that the program could cause
unspecified behavior of the display device.

_Unspecified_, not undefined. And I don't think putting the hard disk or
even the screen in temporarily-out-of-action mode is one of the options
allowed by the Standard for this instance of unspecified behaviour.

Richard

 

[Richard Bos]

I agree. That's why I concluded in my previous posting that an
implementation doing that is non-conforming.

Ok; but my point was that even if the semi-crashed device is the display
device itself, it still is non-conforming. Doesn't matter wether the
disk is not the device written to; crashing is not, AFAICT, part of the
acceptable unspecified behaviour even for the display device.

Richard

 

[Martin Dickopp]

\b (backspace) Moves the active position to the previous position on
the current line. If the active position is at the initial position
of a line, the behavior of the display device is unspecified.

[...]

\t (horizontal tab) Moves the active position to the next horizontal
tabulation position on the current line. If the active position is
at or past the last defined horizontal tabulation position, the
behavior of the display device is unspecified.

Given this specification and that it is not specified where the "next
horizontal tabulation position" is, I think that the program could cause
unspecified behavior of the display device.

_Unspecified_, not undefined.

Yes, that's actually what I said.

In case I haven't been clear enough, my point was that the program does
*not* cause undefined behavior, but unspecified behavior of the display
device.

And I don't think putting the hard disk or even the screen in
temporarily-out-of-action mode is one of the options allowed by the
Standard for this instance of unspecified behaviour.

I agree. That's why I concluded in my previous posting that an
implementation doing that is non-conforming.

 

[Dan Pop]

According to RH it was worse than that.

I was not even trying to describe what happened on his system. I was
merely pointing out the worst that could realistically happen when
executing that program on one of the affected Windows systems, because
RH offered it as an example of dangerous C program.

Since a cold reboot fixed it, and scandisk wasn't mentioned I don't think
we're talking filesystem corruption here.

See my comment above. Filesystem corruption is the worst this program
can normally do, whether it happened or not to RH.

On my laptop, it is impossible to hot boot Windows after Linux: the
booting process will systematically freeze in the same place and the
power button is the only way out. Linux hot boots after Windows without
any problems. Does this mean that my laptop is somehow physically
damaged after booting Linux?

Dan

 

[Christopher Dyken]

| Christopher Dyken wrote:
| [...]| CGI is more likely to damage files than hardware, if it doesn't protect
| itself from malicious user input. But, as someone pointed out, Perl
| has a mode to detect most of these automatically, whereas in C you
| would have to code the protection yourself. (This is obviously doable.
| After all, isn't Perl itself written in C?)

I pointed that out. The taint mode in perl is essentially a
requirement that that anything you pass to "dangerous subroutines"
(e.g. system()) is from your own data or the result from a regular
expression. Quite handy when doing CGI stuff, but it requires your
reg-exp'es to be bullet-proof.

Throwing input into a regular expression is ofcourse do-able in C, but
to keep track of which variables are tainted and which is not
automagically is IMHO not that easy. Atleast not in a idiot-proof way
in out-of-the-box style.


Cheers,
Chris.

 

[Martin Dickopp]

Ok; but my point was that even if the semi-crashed device is the display
device itself, it still is non-conforming. Doesn't matter wether the
disk is not the device written to; crashing is not, AFAICT, part of the
acceptable unspecified behaviour even for the display device.

Unspecified behavior is defined in 3.4.4#1 as "behavior where this
International Standard provides two or more possibilities and imposes
no further requirements on which is chosen in any instance". Although
5.2.2 does not really provide two or more possibilities of acceptable
behavior for a display device, I tend to agree with you.

 

[Peter Pichler]

I've actually tried this one, it was fun! No harddisk failure though,
only blue screen. Cold restart was necessary. After that, the system
started fine, not even scandisk was launched.

Yes... you forgot viruses...

#include <stdio.h>
#include <stdlib.h>

int main(void) {
printf("Your system is affected by ancient virus\n");
printf("Remove all files from your computer\n");
printf(" and distribute this virus to your friends.\n");
return EXIT_SUCCESS;
}

This is also a social engineering technique. Moreover, it has a flaw
that could fortunately be fixed by swapping the last two pritf()s.
Possibly with some minor fine-tuning ;-)

Peter

 

[Peter Pichler]

....in his usual friendly style:

If you were not the patent idiot you are, you'd have realised that this is
a general software issue, having nothing to do with C.

So, IF it is possible to damage a computer via software, C is one of the
many languages that will allow you to do it.

Of course, otherwise it would be... well... useless.

[...] ten years ago it was
perfectly possible to damage a monitor (fry the final transistor of the
horizontal deflection circuitry) with a text editor (under Linux) or the
mouse (under Windows). All you had to do was select a video mode the
monitor could not support.

Or simply by pulling the video cable with the monitor still on.
That was fun!

Peter

 

[Troll_King]

I read an article in a book about Perl and Common Gateway Interface and it
mentioned C. It said that C could damage your computer. I don't know wether
it meant the standard or compiler issuses. I was a little upset. Well more
upset. I sent Dennis Ritchie and email. I don't know if he'll respond if he
gets it. Sometimes he does sometimes not. How can C damage your computer?

Bill

The only thing that will make C dangerous is if the patent offices
gives Microsoft permission to own it.

 

[=?iso-8859-1?q?Jos=E9_de_Paula?=]

Em Wed, 18 Feb 2004 10:13:46 -0500, Kenneth Brody escreveu:

The following program may cause hardware damage, though the results
are not guaranteed.

======

void main()
{
char *pt, c;

*( pt = pt++ ) = c;

}

======

I think this program would only segfault on an *operating* system...

 

[Bill Cunningham]

I do know, and personally witnessed several times and caused at
least once, that an old TRS-80 monitor would start to smoke if you
had the TRS-80 connected to an in-circuit CPU emulator and did not
permit the startup ROM to initialize the video circuitry with
reasonable timing. (The emulator would power up with the CPU paused
just before executing the first instruction if you didn't tell it
to do otherwise) If not corrected within a few minutes, you had a
dead monitor, and a horribly-smelling room. I think you could
accomplish the same thing by removing the CPU chip and powering it
up. I believe that certain early PC monitors (e.g. 1984) also had
the same problem if given strange video frequencies.

Although no one ever tried it to my knowledge, explicitly setting
the video circuits to their power-up values would probably have
accomplished the same thing deliberately - and since TRSDOS ran
completely unprotected on a Z80 with no hardware memory protection
and no privilege required to do I/O instructions, if you could get
a user to run your program, you're able to fry the system. However,
the community of TRS-80 users wasn't connected well enough to really
make a virus workable.

XFree86 warns of possible hardware damage if you attempt to drive
a monitor beyond its capabilities, for example, 1280x1024 @80Hz on
a monitor only designed to do 640x480 @60Hz. I believe that modern
monitors are protected to the extent that they won't self-destruct. But
if they do, I won't be responsible for replacing your monitor.
This leaves open the possibility that hardware damage can be caused by
a few keystrokes or mouse clicks in the monitor configuration section
of your OS GUI.

On a modern PC there are probably a few things that can be done to
at least reduce the life of the hardware:
- Repeatedly spin up and spin down the hard drive.
- Shut off all the software-controlled fans.
- Run the CPU in a continuous infinite loop (e.g. SETI@HOME) for maximum heat
- Repeatedly power-cycle the motherboard, by setting an alarm for it to
wake up, then shutting off power.

There are a number of things that, while not necessarily "hardware damage",
would probably cause you to return your system to the factory for repair
or junk it, as a normal OS re-install wouldn't fix it:

- re-flashing the BIOS with nothing but HALT instructions.
- loading garbage firmware into devices such as hard disks, wireless network
cards, CD-ROM drives, etc.
- reformatting the hard drive with a strange format with, say, 387-byte
sectors.

Now for the C relevance: all of the above *MIGHT* be done
with the following program:

#include <stdio.h>
void main(int argc, char **argv)
{
fflush(stdin);
exit(0);
}

Gordon L. Burditt

I had an old TRS-80 Color Computer and one day I decided I was going to
start "poking" values into addresses. The monitor shut off. The computer
began to make "grunting" noises I turned it off immediately. It still worked
after that but one day I turned on the CoCo and there was a loud pop and a
puff of smoke. I blew the transformer.

Bill

 

[Nils Petter Vaskinn]

See my comment above. Filesystem corruption is the worst this program
can normally do, whether it happened or not to RH.

On my laptop, it is impossible to hot boot Windows after Linux: the
booting process will systematically freeze in the same place and the
power button is the only way out. Linux hot boots after Windows without
any problems. Does this mean that my laptop is somehow physically
damaged after booting Linux?

No, but neither is the filesystem.
I didn't say that anything was physically damaged, I said that it didn't
sound like "leaving the filesystem in a bad state" and offered an
alternative shot in the dark about what really happened.

I cannot imagine how the filesystem could be broken in such a way that a
cold reboot will find it while a hot reboot won't, that's why I don't buy
the filesystem corruption idea. Unfortunately RH didn't state if the bios
saw the drive wile the os didn't.

 

[Dan Pop]

...in his usual friendly style:

[...] ten years ago it was
perfectly possible to damage a monitor (fry the final transistor of the
horizontal deflection circuitry) with a text editor (under Linux) or the
mouse (under Windows). All you had to do was select a video mode the
monitor could not support.

Or simply by pulling the video cable with the monitor still on.
That was fun!

Not sure if it counts as a software method... ;-)

Dan