 

Is using an outdated C compiler a security risk?

Tags: c, security, gcc

We have some build systems in production which no one cares about and these machines run ancient versions of GCC like GCC 3 or GCC 2.

And I can't persuade the management to upgrade it to a more recent one: they say, "if it ain't broke, don't fix it".

Since we maintain a very old code base (written in the 80s), this C89 code compiles just fine on these compilers.

But I'm not sure it is a good idea to use this old stuff.

My question is:

Can using an old C compiler compromise the security of the compiled program?

UPDATE:

The same code is built by Visual Studio 2008 for Windows targets, and MSVC doesn't support C99 or C11 yet (I don't know if newer MSVC does), and I can build it on my Linux box using the latest GCC. So if we would just drop in a newer GCC it would probably build just as fine as before.

Calmarius asked May 27 '16 09:05




1 Answer

Actually I would argue the opposite.

There are a number of cases where behaviour is undefined by the C standard but where it is obvious what would happen with a "dumb compiler" on a given platform. Cases like allowing a signed integer to overflow or accessing the same memory through variables of two different types.

Recent versions of gcc (and clang) have started treating these cases as optimisation opportunities, not caring if they change how the binary behaves in the "undefined behaviour" condition. This is very bad if your codebase was written by people who treated C like a "portable assembler". As time went on, the optimisers have started looking at larger and larger chunks of code when doing these optimisations, increasing the chance the binary will end up doing something other than "what a binary built by a dumb compiler" would do.

There are compiler switches to restore "traditional" behaviour (-fwrapv and -fno-strict-aliasing for the two I mentioned above), but first you have to know about them.

While in principle a compiler bug could turn compliant code into a security hole, I would consider the risk of this to be negligible in the grand scheme of things.

plugwash answered Sep 20 '22 14:09
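The two cases named in the answer above, shown as an added example that is not part of the original answer or of any project's code: each legacy idiom depends on behaviour the C standard leaves undefined, and sits next to a form that is well defined without -fwrapv or -fno-strict-aliasing. All function names are hypothetical, and float is assumed to be 32-bit IEEE 754.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example; function names are hypothetical.
 * Legacy idiom: detects overflow after the fact by relying on wraparound.
 * Signed overflow is undefined, so an optimiser may assume len + extra
 * never wraps and delete the test. Behaves as written only with -fwrapv. */
int fits_legacy(int len, int extra, int cap)
{
    if (len < 0 || extra < 0)
        return 0;
    if (len + extra < len)          /* undefined when the sum overflows */
        return 0;
    return len + extra <= cap;
}

/* Portable form: compare against INT_MAX before adding, so no overflow
 * can occur and no compiler switch is needed. */
int fits_checked(int len, int extra, int cap)
{
    if (len < 0 || extra < 0)
        return 0;
    if (extra > INT_MAX - len)
        return 0;
    return len + extra <= cap;
}

/* Legacy type pun: reads a float object through a uint32_t lvalue, which
 * breaks the aliasing rules. Needs -fno-strict-aliasing to be reliable. */
uint32_t bits_legacy(const float *f)
{
    return *(const uint32_t *)f;
}

/* Portable form: copy the object representation with memcpy.
 * Assumes float is 32 bits wide (IEEE 754 single precision). */
uint32_t bits_checked(float f)
{
    uint32_t u;
    memcpy(&u, &f, sizeof u);
    return u;
}

int main(void)
{
    printf("%d %d 0x%08x\n", fits_checked(10, 20, 64),
           fits_checked(INT_MAX, 1, INT_MAX), (unsigned)bits_checked(1.0f));
    return 0;
}
```

Building the legacy functions with `-O2 -Wall -Wstrict-overflow` on a recent GCC is a quick way to see whether a code base leans on these idioms before switching compilers.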