Questions tagged [c++]

The C++ programming language

C++ is a low-level programming language. It allows (but discourages) direct pointer manipulation, making it ripe for security vulnerabilities.

Use this tag for questions about security that are directly related to C++, such as security analysis of C code and exploiting badly-written C++ code. Do not use this tag just because you're writing a program in C++, only if C++ is directly relevant to the question. Questions about programming in C++ are off-topic here, but can be asked on Stack Overflow.

103 questions
135 votes, 8 answers

Why are programs written in C and C++ so frequently vulnerable to overflow attacks?

When I look at the exploits from the past few years related to implementations, I see that quite a lot of them are from C or C++, and a lot of them are overflow attacks. Heartbleed was a buffer overflow in OpenSSL; recently, a bug in glibc was…
Nzall
68 votes, 2 answers

What is the most hardened set of options for GCC compiling C/C++?

What set of GCC options provide the best protection against memory corruption vulnerabilities such as Buffer Overflows, and Dangling Pointers? Does GCC provide any type of ROP chain mitigation? Are there performance concerns or other issues that…
rook
40 votes, 3 answers

What security measure one should implement before executing user uploaded files?

I want to make a little programming puzzle on my website. There's going to be a task. The user will be asked to upload a C++ source file with their solution. The file should be compiled, run with some input and checked if it produces the right output.…
Jen
21 votes, 3 answers

Is it possible to write shellcode in C++?

Usually I write assembly programs and then dump their contents to get the shellcode. What I was wondering is whether I could write a C++ program instead of assembly, then dump and use that instead of the assembly?
John Doe
21 votes, 3 answers

Can I rely on these GitHub repository files?

I recently found the GitHub repository https://github.com/userEn1gm4/HLuna, but after I cloned it I noted that the comparison between the file compiled (using g++) from source, HLuna.cxx, and the binary included in the repository (HLuna) is…
mcruz2401
15 votes, 4 answers

How is printf() in C/C++ a Buffer overflow vulnerability?

According to an article I just read, the functions printf and strcpy are considered security vulnerabilities due to Buffer overflows. I understand how strcpy is vulnerable, but could someone possibly explain how/if printf is really vulnerable, or I…
DarkMantis
8 votes, 2 answers

buffer overflow attack scripts

I saw various different scripts for a buffer overflow attack. Many of the scripts include lines that look like this: char code[]…
BubbleMonster
7 votes, 1 answer

Hiding process from Task Manager

What technique is used to hide a process from Task Manager? I'm currently researching ways I can do this in C++. Is this process called hooking? http://www.codeproject.com/Articles/3978/Trap-CtrlAltDel-Hide-Application-in-Task-List-on-W The book I…
Quaxton Hale
6 votes, 1 answer

Protecting master password in memory

Assuming I want to enter master password only one time at the start of the program, how is this master password usually protected in memory after that? Is the encryption key after being derived from password encrypted again? If yes, by what? Is it…
graywolf
6 votes, 2 answers

Is it possible to crack g++ rand()?

So, I have this: I know that some code was used to generate a random sequence, and it looked roughly like this: #include #include int main() { const std::string alphabet =…
Akiiino
5 votes, 2 answers

Is compiling untrusted code safe?

I'm curious about compiling with gcc/g++/clang with the assumption that headers and implementation files are user-provided, but not the build configuration. (i.e., no cd lib && make) What if the user could provide object files to link against too…
PSkocik
5 votes, 1 answer

Will Intel's MPX extension make C/C++ completely safe to use?

This is apparently an extension that will eliminate buffer overflow and format string vulnerabilities in C/C++ programs, I would guess by providing hardware support for, e.g. converting scanf to fgets automatically, or something along those lines. …
Zen Hacker
4 votes, 2 answers

Is it secure to create a Bitcoin address from a private key generated by Rand() instead of cryptographic elliptic curve

I am writing a C++ application that creates a Bitcoin address. I am having a hard time installing openssl for windows and making it work for visual studio. So, I am asking myself, if I create a private key, let's say a hex string of 64 chars, by…
4 votes, 3 answers

Safely remove original file after encryption

My application encrypts a file, and the result is written to a different one. How do I safely remove the original one (C++)? Update. Wow! The problem is more complicated than I thought of it... 1) My application's purpose is to encrypt files from…
Ilya
4 votes, 2 answers

How to know the time of compilation

I've read that a malware found by Kaspersky was compiled in the Moscow time zone. How do they know the time of compilation?
Aman