Complex enough input to a complex enough system can have effects indistinguishable from a native program for that system. A sufficiently complex input format may become "byte code" for a kind of virtual machine within the software that handles it; in many classic exploit programming techniques, data is the program that runs on the code. We will show two examples of this that are not exploits as such but demonstrate Turing-complete programming by kinds of data that are hardly ever given a second glance: (1) ELF binary format headers containing nothing but well-formed relocation and dynamic symbol entries (executed by the runtime linker-loader), and (2) x86 memory and interrupt descriptor tables (executed by the CPU's page fault handling and context switching logic, without any instructions being successfully dispatched).
If these data formats can hide a Turing-complete computation, what about all the other, more complex, "feature-rich" ones? What makes a format lend itself to becoming the equivalent of an instruction set? Can looking for "weird machines" help design trustworthy systems? Join us for the talk and discussion of this weird research direction!
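To make the first example concrete: a dynamic relocation entry is a tuple of (where to write, which operation, which symbol, what addend), and the loader walks the table applying each one, so the table reads exactly like an instruction stream and the loader like its interpreter. The following Python is an added illustration, not code from the talk or its authors: it decodes standard `Elf64_Rela` entries from a constructed byte string and interprets three documented AMD64 relocation types (`R_X86_64_64` = S + A, `R_X86_64_COPY` = copy `st_size` bytes from the symbol's location, `R_X86_64_RELATIVE` = B + A) against a toy memory image. The symbol table, memory layout, load base and entry values are all constructed for the demonstration and stand in for a real `.dynsym` and mapped image.

```python
import struct

# Elf64_Rela layout from the ELF spec: r_offset (u64), r_info (u64), r_addend (i64),
# little-endian.  r_info packs the symbol index in the high 32 bits and the type
# in the low 32 bits.
RELA_FMT = "<QQq"
RELA_SIZE = struct.calcsize(RELA_FMT)  # 24 bytes per entry

# AMD64 relocation types modelled here (S = symbol value, A = addend, B = load base).
R_X86_64_64 = 1        # word64 at r_offset := S + A
R_X86_64_COPY = 5      # copy st_size bytes from the symbol's address to r_offset
R_X86_64_RELATIVE = 8  # word64 at r_offset := B + A
MASK64 = (1 << 64) - 1


def pack_rela(offset, rtype, symidx, addend):
    """Encode one relocation entry the way it appears in .rela.dyn."""
    return struct.pack(RELA_FMT, offset, (symidx << 32) | rtype, addend)


def parse_rela(blob):
    """Decode a relocation table into (offset, type, symbol index, addend) tuples."""
    if len(blob) % RELA_SIZE:
        raise ValueError("truncated relocation table")
    entries = []
    for pos in range(0, len(blob), RELA_SIZE):
        r_offset, r_info, r_addend = struct.unpack_from(RELA_FMT, blob, pos)
        entries.append((r_offset, r_info & 0xFFFFFFFF, r_info >> 32, r_addend))
    return entries


def apply_relocs(mem, entries, symbols, base):
    """A toy loader: each entry is executed as an instruction against the image.

    `symbols` stands in for .dynsym as a list of (st_value, st_size) pairs
    indexed by symbol number (constructed for this example).
    """
    for offset, rtype, symidx, addend in entries:
        if rtype == R_X86_64_64:
            value, _size = symbols[symidx]
            mem[offset:offset + 8] = struct.pack("<Q", (value + addend) & MASK64)
        elif rtype == R_X86_64_COPY:
            src, size = symbols[symidx]
            mem[offset:offset + size] = mem[src:src + size]
        elif rtype == R_X86_64_RELATIVE:
            mem[offset:offset + 8] = struct.pack("<Q", (base + addend) & MASK64)
        else:
            # Anything else is a "weird" opcode this interpreter does not model.
            raise ValueError(f"unsupported relocation type {rtype}")
    return mem


def read_qword(mem, offset):
    return struct.unpack_from("<Q", mem, offset)[0]


def build_table():
    """Constructed relocation table: an add, a move, then a base-relative store."""
    return b"".join([
        pack_rela(0x20, R_X86_64_64, 1, 7),          # mem[0x20] = sym1.value + 7
        pack_rela(0x30, R_X86_64_COPY, 2, 0),        # mem[0x30:0x38] = mem[sym2.value:+8]
        pack_rela(0x38, R_X86_64_RELATIVE, 0, 0x100),  # mem[0x38] = base + 0x100
    ])


def demo(base=0x1000):
    """Run the constructed table through the toy loader and return the image."""
    mem = bytearray(0x40)
    # Constructed symbol table: index 0 is the undefined symbol; sym1 lives at
    # 0x10, sym2 at 0x20, both 8 bytes in size.
    symbols = [(0, 0), (0x10, 8), (0x20, 8)]
    return apply_relocs(mem, parse_rela(build_table()), symbols, base)


if __name__ == "__main__":
    image = demo()
    for off in (0x20, 0x30, 0x38):
        print(f"mem[{off:#x}] = {read_qword(image, off):#x}")
```

The point the simulator makes is that no instruction in the binary's `.text` ran, yet the image was transformed by a sequence of operations chosen entirely by data. When auditing a binary, the same decoding is what `readelf -r` prints; unusual relocation types or offsets pointing outside the expected data sections are worth a second glance precisely because the loader will execute them without question.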