Trail of Bits just dropped a new chapter in their Testing Handbook: a security checklist tailored for manual code reviews in C and C++. This isn’t about automated scanners—it’s a targeted list of bug classes, footguns, and API traps that hit real-world codebases. They organize it by platform: general issues, Linux user/kernel mode, Windows user/kernel mode, and seccomp/BPF sandboxes. In an era where C/C++ still runs kernels, drivers, and embedded systems, this matters because memory corruption and integer overflows fuel most exploits.
C/C++ vulnerabilities dominate security incidents. Microsoft attributes 70% of its security bugs to memory safety flaws in C/C++, per their 2020 analysis. The Chrome security team retired 25% of its C++ codebase by 2023 to cut similar risks. Tools like AddressSanitizer catch many at runtime, but manual review spots subtle environment-specific gotchas that automation misses. Trail of Bits’ checklist fills that gap, starting broad and drilling into OS quirks.
Core Bug Classes and Linux Deep Dive
The chapter kicks off with language fundamentals: memory safety (buffer overflows, use-after-free), integer errors (wraparounds, signedness bugs), type confusion, and even compiler-inserted vulns like Spectre gadgets. Linux user-mode zeros in on libc pitfalls—string functions like strcpy that truncate silently, privilege drops via setuid that leak capabilities, and env var handling that exposes secrets. These apply to most POSIX systems, where devs often overlook how getenv persists across forks.
Kernel-mode Linux gets a starter pack for drivers/modules: improper refcounting, race conditions in device allocs, and syscall handler overflows. No checklist covers the kernel’s full 30 million lines, but this bootstraps audits. Trail of Bits sees these in audits regularly—small oversights cascade to root escapes.
Windows and Sandbox Traps
Windows user-mode hits DLL planting (search order hijacks), unquoted paths in CreateProcess (allows C:\Program.exe to run malware first), and path traversal via WorstFit Unicode bugs. Attackers encode dots with high ANSI chars (e.g., U+FF0E) to slip past PathCanonicalize checks—real bypasses from the 2010s still linger.
Kernel drivers face device ACL misconfigs, DoS from spinlock abuse (endless holds crash bluescreens), and handle-passing flaws where user-mode sends poisoned objects kernel-side. Seccomp/BPF sections target sandbox escapes: io_uring syscalls bypassing filters, CLONE_UNTRACED disabling ptrace seccomp, and races in memory checks. Even with Landlock/IO_uring modernizing, audits uncover these weekly.
Why this checklist stands out: It prioritizes review over tools. Static analyzers like Clang-Tidy flag 80% of buffer issues but miss context—like seccomp’s async gaps. Dynamic fuzzers exercise paths but ignore rare API edges. Manual eyes connect them to threat models.
LLM Tool and Proof-of-Concept Challenges
Trail of Bits plans a Claude “skill” to convert this into LLM prompts—platform-aware bug hunts on codebases. LLMs excel at pattern-matching (e.g., spotting strncpy misuse), but hallucinate 20-30% on code reasoning per recent benchmarks. Expect it as a triage aid, not a silver bullet—verify outputs manually. Release TBD; it’ll integrate threat models like “Linux driver with unprivileged ioctls.”
To test yourself, they include two challenges mimicking checklist bugs. First 10 correct submissions snag swag. Spot issues like racey ptrace or Unicode paths—real vulns, not trivia. Submit via their form.
Bottom line: Grab the handbook. C/C++ won’t die soon—Rust adoption lags at <5% in top servers. This checklist sharpens reviews, cuts low-hanging exploits, and reminds us automation complements, doesn’t replace, human scrutiny. In security, checklists save time; skipping them costs breaches.
