Preventing memory-corruption vulnerabilities
When firmware is written in a lower-level language such as C, memory-corruption bugs are likely whenever buffer bounds are not explicitly checked and validated by the developer. Banning known-dangerous functions and APIs is one concrete way to reduce memory-corruption vulnerabilities in firmware. A non-exhaustive list of unsafe C functions includes strcat, strcpy, sprintf, scanf, and gets; each writes into a destination buffer without being told its size, so either the caller must enforce the bound or the call must be replaced with a length-aware variant. The most common memory-corruption vulnerabilities are buffer overflows of the stack or of the heap. The impact of exploiting them differs per operating system platform. For example, commercial RTOS platforms such as QNX Neutrino isolate each process and its stack from the filesystem, minimizing the attack surface. However, for common Embedded Linux distributions this may not be the case. Buffer overflows in Embedded Linux may result in arbitrary...
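The following is an added example, not code from the original page. It places the unsafe pattern (an unbounded strcpy into a fixed stack buffer) beside bounded replacements for the strcpy, sprintf and gets cases listed above. The function names, the 16-byte name field and the sample inputs are assumptions constructed for the example; the point is that each safe variant takes the destination size and reports when input would not fit instead of silently writing past the buffer.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical field size for a device name stored on the stack. */
#define NAME_MAX 16

/* UNSAFE: copies caller-controlled 'src' with no length check. Any input
 * of NAME_MAX bytes or more overflows 'name' on the stack. Kept only to
 * show the pattern that the bounded version replaces. */
int set_name_unsafe(char *name, const char *src)
{
    strcpy(name, src);              /* no bound: classic stack overflow */
    return 0;
}

/* SAFE: refuses input that would not fit (including its terminator).
 * memchr is bounded by name_size, so an unterminated 'src' is never read
 * past the destination size. Returns 0 on success, -1 if rejected. */
int set_name_checked(char *name, size_t name_size, const char *src)
{
    const char *end = memchr(src, '\0', name_size);
    if (end == NULL)                /* no terminator within name_size */
        return -1;
    size_t len = (size_t)(end - src);
    memcpy(name, src, len);
    name[len] = '\0';
    return 0;
}

/* SAFE formatting: snprintf returns the length it wanted to write, so a
 * truncated result is detected and reported instead of used as-is.
 * Returns 0 on success, -1 if the formatted text did not fit. */
int format_banner(char *out, size_t out_size, const char *name, unsigned fw_ver)
{
    int n = snprintf(out, out_size, "dev=%s fw=%u", name, fw_ver);
    if (n < 0 || (size_t)n >= out_size)
        return -1;
    return 0;
}

/* SAFE line input: fgets instead of gets. Strips the newline, and if the
 * line did not fit, discards the remainder so the next read starts on a
 * line boundary. Returns 0 on success, -1 on EOF/error, -2 if the line
 * was too long for the buffer. */
int read_line_checked(char *buf, size_t buf_size, FILE *fp)
{
    if (fgets(buf, (int)buf_size, fp) == NULL)
        return -1;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';
        return 0;
    }
    if (feof(fp))
        return 0;                   /* final line without a newline */
    int c;
    while ((c = fgetc(fp)) != EOF && c != '\n')
        ;                           /* drain the rest of the long line */
    return -2;
}

int main(void)
{
    char name[NAME_MAX];
    /* Constructed inputs: one that fits, one that would overflow. */
    const char *ok = "sensor-07";
    const char *too_long = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";

    printf("checked(ok)       = %d\n", set_name_checked(name, sizeof name, ok));
    printf("checked(too_long) = %d\n", set_name_checked(name, sizeof name, too_long));
    /* set_name_unsafe(name, too_long) would smash the stack at this point. */
    return 0;
}
```

Rejecting oversized input, rather than truncating it with strncpy or strlcpy, is usually the right choice in firmware: a silently truncated device name or path can itself become a logic bug, and an explicit error code is what a caller can act on.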