Compiler Bugs and Bug Compilers

Explore the intricacies of compiler bugs and malicious compiler modifications in this conference talk from the Hack In The Box Security Conference. Delve into exotic segfaults encountered while attempting to improve binary output, focusing on Linux systems. Examine popular topics like ELF files, position-independent code, and the Global Offset Table. Investigate how attackers could introduce bugs into binaries using compilers, with a focus on GCC's structure and various compilation stages. Learn about potential methods for injecting vulnerabilities, from removing sanitization code to manipulating architecture-specific machine definitions. Discover the trade-offs between stealth and effectiveness in malicious compiler modifications. Gain insights into detecting an attacker's malicious alterations and understand the importance of securing build environments against potential threats.

#HITB2019AMS D2T1 - Compiler Bugs And Bug Compilers - Marion Marschalek