News

Are the Java vulnerabilities actually C and C++ vulnerabilities?

You've probably seen the headlines:

[US-CERT] Java in Web Browser: Disable Now!

We've been telling people to disable Java for years. ... We have confirmed that VU#625617 can be used to reliably execute code on Windows, OS X, and Linux platforms. And the exploit code for the vulnerability is publicly available and already incorporated into exploit kits. This should be enough motivation for you to turn Java off.

Firefox and Apple have blocked Java while U.S. Homeland Security recommends everyone disable it, because of vulnerabilities

Homeland Security still advises disabling Java, even after update

Some people have asked whether last week's and similar recent Java vulnerabilities are actually C or C++ vulnerabilities -- because, like virtually all modern systems software, Java is implemented in C and C++.

The answer is no, these particular exploits are pure Java. Some other exploits have indeed used vulnerabilities in Java's native C code implementation, but the major vulnerabilities in the news lately are in Java itself, and they enable portable exploits on any operating system with a single program. Note that this isn't to single out Java; other managed code environments have had similar vulnerabilities reported as well.

Today CERT posted an analysis of the current Java vulnerabilities, written by our own ISO C++ committee member David Svoboda:

Anatomy of Java Exploits

by David Svoboda

Java was exploited recently and last August. The August exploit was patched by Oracle on August 30; this most recent exploit now also has a patch available. Strictly speaking, the vulnerabilities that permitted both exploits are independent; the current exploit attacked code that was unused by the August exploit. Nevertheless, these vulnerabilities were quite similar. This blog post examines the vulnerabilities that permitted Java to be exploited in each case, using the proof-of-concept code exploits that have been published for them in January 2013 and August 2012.

The article demonstrates and comments on how security issues are common to all modern languages. From the conclusion:

While many previous Java vulnerabilities were actually vulnerabilities in the C code of a particular Java implementation, these exploits ran with pure Java -- no underlying C/C++ vulnerability was involved.

This doesn't mean Java is a horrible language any more than vulnerabilities in C and C++ make those horrible languages. Rather, it emphasizes that security is hard in any language or environment, and pretending otherwise is never helpful. For example, CERT publishes secure coding guidelines for various languages (the Java book coauthored by the author of the blog post above, David Svoboda):

And as Svoboda's CERT blog post today noted, many of today's popular attacks aren't language-specific, and:

... injection attacks, such as SQL injection, cross-site scripting (XSS), and command injection, occur in all languages that permit string manipulation.

Just like it isn't enough to think that using C++, which advertises an emphasis on performance, by itself means your code will be fast, it isn't enough to think that using a language that advertises an emphasis on safety means your code will be secure. As Robert Seacord, author or coauthor of both books above, said in email yesterday:

"The fact is that you need to understand the problems in whatever language you are using and diligently apply secure coding practices and principles if you want to have any hope of developing secure systems."

That's a lesson we can all benefit from, no matter which modern mainstream language we use.

Update from the Ranges Study Group

In December, we announced the opening of the SG9 (Ranges) mailing list. Since then, the activity on it has been nothing short of amazing, and the discussion is of a markedly high quality. Ranges promise an improvement in usability, power, and safety for the STL. If you have ever wanted to see how the C++ Standardization Committee crafts the future of C++, sidle on over to the Ranges group and learn about the future of the STL from many of the people who have helped shape it since its inception. Watch tomorrow's C++ take shape today, and maybe help shape it yourself.

Read the list archives here, or sign up to get the blow-by-blow here.

P.S. You can start using (one implementation of) Ranges today over at Boost (see Boost.Range's docs).

Site updates: StackOverflow highlights, blog tags and comments, and more

Over the holidays we've made several improvements to isocpp.org. Many are behind the scenes where most readers won't notice, but here are a few that are more visible. We hope you find them useful.

Home page: Highlights from StackOverflow and StackExchange

Today, we added a new home page feature: Selected highlights from StackOverflow's [c++] and [c++11] tags, and from Programmers.StackExchange's [c++11] tag. We are pleased to endorse these sites as a premier place for question-and-answer discussion about modern C++ -- if you have a question about C++, you can probably already find the answer there, or post a new question and get a high-quality answer quickly. Please note: StackOverflow and StackExchange are for Q&A only, and actively discourage "discussion" styles -- for discussion about the Standard, see the Forums accessible from this site.

SO and SE are high-traffic sites, and many of our readers may only have time to consume a shorter "highlights reel" summary each day. That's why our home page shows an "auto-curated" filtered subset of the SO and SE traffic, selecting highlights from each feed using criteria that we can adjust over time. However, for those interested in following the full flow of questions on StackOverflow or StackExchange, we also provide a handy RSS link for each feed that lets you directly subscribe to the corresponding full feed. In the future, if there's interest, we might also consider providing our own custom RSS feeds for those who want to follow our custom filtered versions of the higher-volume SO and SE feeds.

Blog Tags

Each blog entry is now tagged, so you can more easily find the kind of content that interests you.

Here are the tags we're using initially:

  • basics: General information useful to anyone using C++, including programmers coming to C++ for the first time.
  • intermediate: Information that assumes you have a working familiarity with C++ and are ready to dig a little deeper.
  • advanced: Information for C++ experts that assumes you know C++ pretty well, want to make the most of it, and aren't afraid to "lift the hood" from time to time to take full control.
  • experimental: Material that isn't about Standard C++ today, but about what it could be -- including articles talking about future language and library extensions, and even prototype compiler implementations of future language features.

Sometimes posts will have multiple tags, when they point to material that covers useful information at more than one level. For instance, "Panel" style videos often range widely over many useful topics, and may include a lot of generally useful information appropriate to all levels while also including some pretty advanced parts of interest to experts. The goal is that if you're looking for, say, "intermediate" material, then following that tag will deliver only those items that have significant intermediate content, even if some parts may be more basic or advanced.

When you read a post, you'll see the tag(s) listed near the top. You can click on any tag to see what else has been posted with that tag. Over the next few days, we'll be adding an easy way to drill into each tag without going to a blog post first.

Blog Comments

You can now edit your own blog comments. Also, formatting control has been improved, with some more improvements coming. As always, including a nicely-formatted code block in your comment is as easy as wrapping it with <pre> and </pre>.

And More

We've also made many more improvements under the covers, and will have more to show you in the coming weeks and months. Stay tuned.

Stroustrup's Tour of C++: Third chapter posted

Part 3 of Bjarne Stroustrup's draft Tour of C++ is now available. This material is a preview draft of Chapter 4 of Stroustrup's upcoming The C++ Programming Language, 4th Edition.

A Tour of C++, Part 3: Containers and Algorithms

by Bjarne Stroustrup

Stroustrup writes:

No significant program is written in just a bare programming language, it would be too tedious.

However, just about any task can be rendered simple by the use of good libraries.

This third chapter of my tour of C++ begins the presentation of the standard library, which is about half of the C++ standard.

Constructive comments would be most welcome.

C++ Concurrency - Herb Sutter

Another C++ and Beyond 2012 talk is now available online on Channel 9.

[Ed.: Note that the talk title and abstract should read as below. The initial Channel 9 video posting used an outdated title and abstract, and will be corrected soon.]

C++ and Beyond 2012: C++ Concurrency

by Herb Sutter

Herb says:

I've spoken and written on these topics before. Here's what's different about this talk:

  • Brand new: This material goes beyond what I've written and taught about before in my Effective Concurrency articles and courses.
  • Cutting-edge current: It covers the best-practices state of the art techniques and shipping tools, and what parts of that are standardized in C++11 already (the answer to that one may surprise you!) and what's en route to near-term standardization and why, with coverage of the latest discussions.
  • Blocking vs. non-blocking: What's the difference between blocking and non-blocking styles, why on earth would you care, which kinds does C++11 support, and how are we looking at rounding it out in C++1y?

The answers all matter to you – even the ones not yet in the C++ standard – because they are real, available in shipping products, and affect how you design your software today.

Preconditions, Part 1 -- Andrzej Krzemieński

On preconditions, and their compile time enforcement with static_assert and a dash of regex.

Preconditions, Part 1

by Andrzej Krzemieński

In this post, I want to share my thoughts about the notion of precondition. In “Design by Contract” philosophy, preconditions are always mentioned along postconditions and invariants, and in the context of OO design. In this post I focus only on preconditions and not necessarily related to any class. For instance, the following function specifies a precondition on its argument:

double sqrt(double x);

// precondition: x >= 0

Note that the function specifies the precondition even though there is no language feature for this purpose (at least in C++). A precondition is a “concept” or an “idea” rather than a language feature. This is the kind of preconditions that this post is about.

Continue reading...
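As an added illustration (not code from Krzemieński's post), here is one way to move the `x >= 0` precondition on `sqrt` out of a comment and into something the compiler and runtime can enforce. The names `NonNegative`, `checked_sqrt`, `satisfies_sqrt_precondition` and `rejects` are hypothetical, introduced only for this example.

```cpp
#include <cmath>
#include <stdexcept>

// Hypothetical wrapper type (an assumption of this example): a double that
// has already been checked against the precondition x >= 0.
class NonNegative {
public:
    // Validation happens once, at the point where untrusted data enters.
    explicit NonNegative(double x) : value_(x) {
        // !(x >= 0) also rejects NaN, which a plain (x < 0) test lets through.
        if (!(x >= 0.0))
            throw std::domain_error("precondition violated: x >= 0");
    }
    double get() const { return value_; }

private:
    double value_;
};

// The precondition is now part of the signature instead of a comment:
// callers cannot reach std::sqrt without passing the check above.
double checked_sqrt(NonNegative x) { return std::sqrt(x.get()); }

// Compile-time flavour for values known at build time: a violated
// precondition becomes a build error rather than a runtime surprise.
constexpr bool satisfies_sqrt_precondition(double x) { return x >= 0.0; }
static_assert(satisfies_sqrt_precondition(2.0), "sqrt precondition: x >= 0");

// Returns true when the call is rejected for violating the precondition.
bool rejects(double x) {
    try {
        checked_sqrt(NonNegative(x));
        return false;
    } catch (const std::domain_error&) {
        return true;
    }
}
```

The runtime check belongs at the boundary where external input arrives; code that already holds a `NonNegative` needs no further checks.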

C++ and Beyond 2012: Panel - Convincing your Colleagues

A new C++ and Beyond 2012 panel is now available:

C++ and Beyond 2012: Panel - Convincing your Colleagues

From C++ and Beyond 2012, Andrei, Herb and Scott present Convincing Your Colleagues - an interactive panel.

Abstract:

You can't do a better job if you don't change what you're doing, but change is hard.  It's especially hard when what needs to change is your colleagues' approach to software development. Moving your team forward often requires persuading your peers to change their behavior, sometimes to do something they're not doing, other times to stop doing something they've become accustomed to.  Whether the issue is to embrace or avoid C++ language features, to adopt new development tools or abandon old ones, to increase use of or scale back on overuse of design patterns, to adhere to coding standards, or any of the plethora of other matters that affect software creation, moving things forward typically requires getting your colleagues to buy into the change you're proposing.  But how can you do that?

In this panel session, Andrei, Herb, and Scott share how they go about convincing their colleagues to change and take questions from the audience.

C++ and Beyond 2013 dates announced

Scott Meyers has announced dates for another C++ and Beyond seminar with Scott, Herb Sutter, and Andrei Alexandrescu:

There will be a C++ and Beyond 2013!  The dates are tentatively set to be December 8-11, so block that time out on your calendar.  We have a venue picked out, but we haven’t signed a contract yet, so I can’t make any announcement about where C&B 2013 will take place.  I expect to be able to tell you all about it within the next few weeks, however.

Until then, hold December 8-11, 2013, for more in-depth, in-sightful, in-triguing, in-vestigations into the world of C++... and Beyond :-)

Scott

SG 9 (Ranges) mailing list is now open

Marshall Clow, chair of SG9 (Ranges) has announced the SG9 mailing list is now open:

Sign up at http://www.open-std.org/mailman/listinfo/ranges.

I'll post a welcome message to start off the discussion on Wednesday morning; please hold off on posting until then so that people have a chance to join.

Thanks - and have a Happy New Year!

-- Marshall

P.S. thanks to Keld [Simonsen] for setting up the list.

You Don't Know const and mutable -- Herb Sutter

In August, Herb Sutter gave a brand new 30-min talk at C++ and Beyond where he laid out the fundamentally new meanings of two long-time C++ keywords:

You Don't Know [const] and [mutable]

Herb Sutter

There’s a major change in C++11 that [...] rewrites pre-C++11 design guidance and is directly related to writing solid code in a concurrent and parallel world. And it isn’t just academic — everyone is going to have to learn and apply the new C++11 guidance that we’ll cover in this session.

This is a great example of how C++11 is a simpler language: We can stop the Cold War-era waffling about subtleties about what 20th-century C++ const means, and proudly declare modern C++ const has the simple and natural and "obvious" meaning that most people expected all along anyway.

One of the most common questions after the talk was, "Do other C++ experts agree with Herb's conclusions?" The answer is yes -- regarding his upcoming The C++ Programming Language, Fourth Edition, Bjarne Stroustrup writes: "I do point out that const means immutable and absence of race conditions in the last Tour chapter. I plan more for the concurrency chapter." Look for the third Tour chapter to be posted here next week, and the aforementioned last Tour chapter to be posted here in early February.

Enjoy.