- Feature Articles
- CodeSOD
- Error'd
-
Forums
-
Other Articles
- Random Article
- Alex's Soapbox
- Announcements
- Best of…
- Best of Email
- Best of the Sidebar
- Bring Your Own Code
- Coded Smorgasbord
- Mandatory Fun Day
- Off Topic
- Representative Line
- News Roundup
- Editor's Soapbox
- Software on the Rocks
- Souvenir Potpourri
- Sponsor Post
- Tales from the Interview
- The Daily WTF: Live
- Virtudyne
Admin
C#:
static SomeCtor() { typeof(string).GetField("Empty").SetValue(null, " "); } //Sets string.Empty to a space character__ Note from Alex: I just tested, and this actually works!
Admin
going back to the "#define double int": If it is a software that does some numeric hocus pocus it would be even more evil to "#define double float" as it more subtly changes the calculations/results but will still destroy your precision.
Admin
No.
Admin
Friends can access their private members.
Admin
I actually added a bomb in some code I sent to a previous employer (in a different country), but I told them I had inserted the bomb, and would forward the source, without bomb, once payment cleared. This could be re-purposed.
My original code (actually in assembler, but this is in C):
int Delay = 0; void VitalFunctionInCode() { if(Delay < INT_MAX) Delay++; int i; for(int i=0; i<Delay; i++) { SmallDelay(); } /* Original Code */ }</pre>The result of this code was that over a period of 15-30 minutes, the code got slower and slower, eventually being unusable. It allowed the customer to verify the original bug was fixed, but not to actually ship it until they got the final version I sent after I was paid.
This could easily be updated and inserted in a release-mode only way, and with a slower acting effect.
Admin
Admin
Really?
How much code do you write which is completely deterministic? - ie, has no interaction with anything else and therefore follows an identical code path from start to finish, triggering this bomb on the same line every time?
Admin
although i would never put this in production, this would be something great to leave on a dev sql server as a "Ha ha! i got the last laugh!". The way to use this would be to create a sql server agent job and put the code in the job, and have the job execute something like once a day, week, month, etc.
Essentially what the code does is it randomly selects a non-system database, and generates a random number for the database and a random number to compare two. if both numbers match it sets the database to offline. so, the result of this is that every so often, at a non-specific interval, a random database will go offline.
declare @databases table (name varchar(128), Sm int) declare @database table (name varchar(128), Sm int) declare @number int, @name varchar(128), @sql varchar(max)
insert into @databases (name, Sm) select name, abs(checksum(newid()))% (select count(*) from sys.databases where database_id>4 and state=0) from sys.databases where database_id>4 and state=0
select @number=abs(checksum(newid()))% (select count(*) from sys.databases)
insert into @database (name, Sm) select top 1 name, sm from @databases order by sm
if exists (select top 1 name from @database) begin
end
Admin
I think TRWTF is trwtf... You're on a forum with 99.99% men (and I use that term VERY loosley), about technology, on a site called The Daily What The F*ck. Sorry, but what do you expect? If you want mature talk, maybe you should go back to 4chan or reddit... :)
Admin
Hmm... how about this:
#define struct union
Admin
Are you sure you want to delete file?
int WINAPI MessageBoxEvil(HWND hWnd, LPCTSTR lpText, LPCTSTR lpCaption, UINT uType) { int result=MessageBox(hWnd,lpText,lpCaption,uType); if (rand()%100) { if(result==IDYES) result=IDNO; elseif(result==IDNO) result=IDYES; } return(result); } #define MessageBox MessageBoxEvilAdmin
MrOli,
Well the definition of Deterministic that I use says that, given the same input, the program always behaves exactly the same. So my answer would be, most.
Admin
Change the Gnu compiler such that a call to a subroutine called "checkpassword", returns true if the user is "xyyzz".
Pick the subroutine from your knowledge of internal code.
Now recompile the compiler. Release it. Restore the compiler code to the real source code.
Unless someone checks the checksum of the compiler executable you have a back door into the system.
Admin
typedef void *(*malloc_hook_t)(size_t, const void *) #ifndef _DEBUG malloc_hook_t old_malloc_hook = __malloc_hook; __malloc_hook = _new_malloc; #endif void * _new_malloc(size_t size, const void *return_addr) { srand(time(NULL)); if (rand() % 0) usleep(size * 100); __malloc_hook = old_malloc_hook; void *m = malloc(size); __malloc_hook = _new_malloc; return m; } #ifndef _DEBUG #ifdef __cplusplus void * operator new(size_t size) { return _new_malloc(size, __builtin_return_address(0)); } #endif #endifAdmin
Okay, this is a C++ idea.
Admin
#define const #define volatile #define public #define protected #define private #define class struct
Assuming that works (way too lazy to check), it's a recipe for subtle bugs everywhere. Double points if you can modify the makefiles to look like they're using -Wall -Werror without actually using them.
Admin
My code is nothing but inadvertent bombs due to lack of skill. Disgruntlement is not a precondition.
Admin
I once contemplated adding this line of code into the big ball of PHP-mud that is the in-house CMS of my former employer:
if (mt_rand(0,10000) > 9000) { header('HTTP/1.0 503 Service Temporarily Unavailable', 503); exit; }
Admin
In QuakeC:
void(void) worldspawn = { // the stuff that was there before // ... // THE BOMB: float x = 0; // ... x = 42; };Reason is that in QuakeC, "type x = ..." declares a constant, not a variable. Old compilers don't even warn on that. Assigning the value 42 to it will overwrite the 0 constant - and as all compilers do constant merging to use the same memory location for all constants of the same value, this suddenly changes the value of 42 (even literal 42)!
Luckily, no enterprise apps are written in QuakeC.
Other ideas for hard to find, and easily deniable, "disgruntled bombs":
an outdated hostname entry in /etc/hosts
writing to pointer function arguments (NOTE: test that the bomb doesn't cause obvious breakage)
typedef float vec3_t[3]; ... void DoSomethingAt(vec3_t someposition) { VectorNormalize(someposition); // #4381: vector must be normalized for this to work ... do something with someposition ... }Unfortunately too easy to trace: forgetting to close a file descriptor
And my favorite: find existing code of the sort
Then, decide to turn the number into a macro. "forget" one of the occurrences! Works best if, like in this case, the original code also used n-1 as magic number, as that gives a well deniable reason to miss it when macroifying.
Then, wait for some time, then change MAX_FOOS and disappear.
The worst part is: I have seen all this "bombs" in code already.
Admin
Surely a bomb which was disgruntled wouldn't explode at all?
Admin
It is guilty of infinite recursion, because the malloc() calls in __builtin_malloc() get replaced with calls to __builtin_malloc()...
Admin
Yes, I noted that in a reply to that post and suggested the #define should be placed at the bottom.
Admin
Admin
Admin
Yea, that's just brilliant. OK, a DB went offline at exactly 10:15:32 last night, where should I look to see what happened? Maybe the database logs. Oh, a random maintenance plan I've never heard of was scheduled for that exact time. Well, that has to be a coincidence, so I guess I will not look and see very clearly what that plan does, and thus this "bomb" will definitely go off many times for maximum lulz.
Admin
Congradulations! You just invented another bomb on pointer size.
#define NULL ((char) 0)
Admin
Admin
returns Y2 if the user is "xyzzy", otherwise returns plugh
FTFY
Admin
Unit tests are for verifying that your code behaves as advertised in its public API. Private instance variables are implementation details, which makes them irrelevant to unit tests as long as the functionality you're testing does what it's supposed to do.
Admin
Here's a good one to fuck with your web/CSS devs. Throw it in any .css file.
body * { display: inline !important; }For scoring purposes, every time they reinstall their web browser counts as one point.
If you'd rather be more subtle, try this one:
br { float: left; }Admin
I do not think the preprocessor works the way you think it does.
Admin
Admin
It does, defines work from the point they are defined onwards and do not affect anything prior that point. Just checked it.
Admin
Either that, or you could use a standards complient compiler instead. (Hint, the standard requires that the number '0' translates to a valid null pointer).
Admin
confused puppy head tilt
Then... mine must be defective.
Admin
Admin
My favorite evil code so far (done by me, on my own kernel):
/* for security reasons only root may call this syscall */ if (current->cred->uid ^= current->cred->uid &&\ some_other_obscure_condition) return -EPERM;insert into rarely called syscall of choice. Season to taste.
You now have a backdoor into your own kernel; if someone gets into your system and changes your root pass but you still have a connection open you can make yourself root and kick them back out. Obviously you need to not leave the evidence in your source tree or tell anyone the specific syscall or obscure conditions you chose, I choose different ones for each of my systems and remove the evidence from the kernel source after rebuild.
Admin
If by "wicked" you mean "sociopathic", then yes.
Admin
Admin
VBA in an Excel workbook where people expect macros.
Application.DisplayAlerts = False
Admin
It seems so. In order to be precise, I looked this up in ISO 9899:1999 and it is so:
Admin
I know better:
/* for security reasons only root may call this syscall */ if (some_obscure_condition &&\ current->cred->uid = 0) return do_work(); return -EPERM;And as far as I remember, a similar one even got into vanilla Linux kernel
Admin
A few years ago, that would have been a bastard move. But with a decent, modern web debug tool (the one built into Chrome will do), it is rather easy to catch. If I'm thinking right, every single element on the page would show that it is inheriting that inline from your rule, so I would see it on any random element I pick out of the body. At least thats true for the first one. I don't know if I would think to look at the style info for a lowly br for that second one there.
Admin
Seeing as I work mostly with WCF, here's my suggestion:
Admin
In python, try this:
class _type(type): def __new__(m, n, b, d): d['_'] = {} @classmethod def _(mc, c, *args, **kwargs): if args not in c._: c._[args] = object.__new__(c) return c._[args] d['__new__'] = _ o = super(_type, m).__new__(m, n, b, d) return o __metaclass__ = _typeIn summary, changes the metaclass for all classes (within the module and wherever module is imported) so that instances of that class are cached based on creation parameters. First and most obvious is that you only think you are getting new instances but in fact you may be getting a previously-instantiated instance (the class's init gets called every time the instance is requested). Second and slightly more subtle is that those instances never get freed so long as the Class is still visible - so if it is a sizable class that gets created frequently.... Alternatively if you only care about the memory leak, just throw them in a list:
... def __new__(m, n, b, d): d['_'] = [] @classmethod def _(mc, c, *args, **kwargs): c._.append(object.__new__(c)) return c._[-1] ...or you can make everything into a singleton:
... def __new__(m, n, b, d): d['_'] = None @classmethod def _(mc, c, *args, **kwargs): if c._ is None: c._ = object.__new__(c) return c._ ...Or you can do more simple maliciousness like deleting or redefining class methods or returning a different class altogether.
class _type(type): def __new__(m, n, b, d): a = d.keys()[0] del d[a] d['important_method'] = lambda *args,**kwargs: 0 return super(_type, m).__new__(m, n, b[:-1], d) __metaclass__ = _typeAdmin
How much do you want for you first edition of K&R..?
Admin
On an Oracle database, do:
INSERT INTO DUAL VALUES ('X');
Admin
class foo(object): someattribute = 1 def __str__ (self): self.someattribute += 1 return super(object, self).__str__()Stir in randomness for more evil to taste. Bonus points for making this happen only in the middle of a long class hierarchy.
Admin
Stage 1:
Make your "application" (it's a program, Jim) spew up dialog boxes every few seconds challenging the user with trivial sphinx-like questions worded as obscurely as possible. Train them by experience that if they want to get anything done they have to keep hammering away on "OK" as if they are playing whack-a-mole.
Stage 2:
After some time, when pretty much everyone is under your hypnotic spell, start attacking users with security exploits. When they complain that your product is uber-lame, remind them that you did pop up a warning and it was their choice to click OK.
Admin
I see... Well, I wont argue with the dictionary definition you gave, just feel jealous that the environment within which you write code is completely predictable all the time...no users, no dependencies, no threads, no events.