Date: Thu, 14 Jun 2001 07:37:05 +1000 From: Peter Jeremy <peter.jeremy@alcatel.com.au> To: Alex Popa <razor@ldc.ro> Cc: Kris Kennaway <kris@obsecurity.org>, security@FreeBSD.ORG Subject: Re: Compiling untrusted source -- what are the risks? Message-ID: <20010614073705.E95583@gsmx07.alcatel.com.au> In-Reply-To: <20010613130313.B64020@xor.obsecurity.org>; from kris@obsecurity.org on Wed, Jun 13, 2001 at 01:03:13PM -0700 References: <20010613092402.A8413@ldc.ro> <20010613130313.B64020@xor.obsecurity.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2001-Jun-13 13:03:13 -0700, Kris Kennaway <kris@obsecurity.org> wrote: > If >you're using a fixed set of compiler invocations and the standard >toolchain then it should probably be okay (I don't know of any ways to >cause the compiler toolchain to execute arbitrary commands during >compilation). This is covered by Kris's "fixed set of compiler invocations", but it's worth noting that gcc can execute arbitrary commands with pathnames matching the regex ".*(cpp|cc1|cc1obj|cc1plus|as|ld)$" via the -B option or $GCC_EXEC_PREFIX environment. Note that some variants of gcc (including -CURRENT) use "cpp0" instead of "cpp". Looking at base system executables, this includes fold(1), btxld(8), fore_dnld(8), rtsold(8) and /usr/libexec/rpc.rwalld, though there's nothing stopping someone creating a suitably named shell-script and using -Bfoo to invoke it (though it has to be marked executable). Peter To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010614073705.E95583>