Code generation == compilation; plugins and security

Posted Mar 22, 2006 9:54 UTC (Wed) by wingo (subscriber, #26929)
Parent article: Ethereal and security

"Automatic code generation" is a fancy phrase for compilation. It entails writing protocol dissectors in a higher-level language, one that is not C. A poignant demonstration that C is an inappropriate language for dealing with untrusted data streams.

It can be done, of course, but the code needs to be written by someone with an understanding of its pitfalls. In a plugin-based data stream processor like Ethereal, this will never be the case: contributors unfamiliar with the code base will come, add support for their protocol, then leave. Core developers don't want to reject these contributions -- "only people that want to use this will be using it" -- but every dissector adds a new attack vector.

The same pattern exists in media players/frameworks: xine, mplayer, gstreamer, ... (This theory doesn't, however, explain the plethora of bugs in image parsers -- PNG is not exactly a rare format.)


Code generation == compilation; plugins and security

Posted Mar 23, 2006 18:57 UTC (Thu) by flewellyn (subscriber, #5047) [Link]

No, I think what they mean by "code generation" is something more akin to Lisp macros, but since it's in C, they have to use another description language, and translate that into C code.

Those who do not learn from Lisp are doomed to reimplement it poorly.

Code generation == compilation; plugins and security

Posted Mar 24, 2006 9:24 UTC (Fri) by wingo (subscriber, #26929) [Link]

To translate from a higher level language to a lower one is to compile. This is true whether your lower level language is extended via macros to give you a higher level language, or whether it is compiled by a separate program. For example, Chicken is a Scheme-to-C compiler, not a "code generator".

Note that macro evaluation implies compilation for Common Lisp at least, because it happens at read-time.

Code generation == compilation; plugins and security

Posted Mar 27, 2006 21:03 UTC (Mon) by devinjones (subscriber, #11272) [Link]

Perhaps they are using "code generator" instead of compiler because they are translating from a functional specification to a procedural language.

Code generation == compilation; plugins and security

Posted Mar 30, 2006 7:51 UTC (Thu) by jmayer (subscriber, #595) [Link]

We currently have code generators for (parts of) the following description/specification formats:
- ASN.1 (many ITU-Standards, some IETF ones, some others)
- IDL (MS-RPC)
- Many higher level NetWare protocols
- X11 packets

The first two being the "more important" ones as they generate dissectors from "standardized" description formats (although we need to supply some code manually to "aid" the generated code).
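
An added example, not part of any comment above and not Ethereal's code: the thread's argument is that dissectors written as descriptions keep contributors away from raw buffer handling. The sketch below interprets a description table at run time rather than generating C from it, which puts every bounds check in one audited loop; the description format, the toy protocol and all names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical description format (an assumption, not Ethereal's): a field is
 * a big-endian integer or a byte string sized by an earlier integer field. */
enum ftype { F_U8, F_U16, F_BYTES };
struct field { const char *name; enum ftype type; int len_from; };
struct value { size_t off, len; uint32_t num; };

/* Constructed toy protocol: type(1) | length(2) | payload(length) */
static const struct field toy_proto[] = {
    { "type",    F_U8,    -1 },
    { "length",  F_U16,   -1 },
    { "payload", F_BYTES,  1 },   /* length taken from field 1 */
};
#define TOY_NFIELDS (sizeof toy_proto / sizeof toy_proto[0])

/* The only code that touches packet bytes. Returns the number of fields
 * decoded, or -1 if the description would read past the captured data. */
int dissect(const struct field *desc, size_t nfields,
            const uint8_t *pkt, size_t pktlen, struct value *out)
{
    size_t off = 0;
    for (size_t i = 0; i < nfields; i++) {
        size_t need;
        switch (desc[i].type) {
        case F_U8:  need = 1; break;
        case F_U16: need = 2; break;
        case F_BYTES:
            if (desc[i].len_from < 0 || (size_t)desc[i].len_from >= i)
                return -1;                 /* malformed description */
            need = out[desc[i].len_from].num;
            break;
        default:
            return -1;
        }
        if (need > pktlen - off)           /* off <= pktlen holds, no underflow */
            return -1;
        out[i] = (struct value){ off, need, 0 };
        if (desc[i].type != F_BYTES)
            for (size_t k = 0; k < need; k++)
                out[i].num = (out[i].num << 8) | pkt[off + k];
        off += need;
    }
    return (int)nfields;
}

int main(void) {
    const uint8_t pkt[] = { 0x01, 0x00, 0x03, 'a', 'b', 'c' };  /* constructed */
    struct value v[TOY_NFIELDS];
    return dissect(toy_proto, TOY_NFIELDS, pkt, sizeof pkt, v) == 3 ? 0 : 1;
}
```

Adding a protocol here means adding a table, so a length field that lies about the payload size is rejected by the same check for every protocol.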

Copyright © 2008, Eklektix, Inc.