Date: Wed, 13 Jun 2001 13:03:13 -0700
From: Kris Kennaway <kris@obsecurity.org>
To: Alex Popa <razor@ldc.ro>
Cc: security@freebsd.org
Subject: Re: Compiling untrusted source -- what are the risks?
Message-ID: <20010613130313.B64020@xor.obsecurity.org>
In-Reply-To: <20010613092402.A8413@ldc.ro>; from razor@ldc.ro on Wed, Jun 13, 2001 at 09:24:02AM +0300
References: <20010613092402.A8413@ldc.ro>

On Wed, Jun 13, 2001 at 09:24:02AM +0300, Alex Popa wrote:

> The step I am worried about is the compiling, since I do need to have
> the include files and libraries available. The output should be a
> statically linked file, which would run in a jail (separate one per
> source file) which contains nothing more than the compiled binary, and
> the input file. The evaluation program will run in a separate jail,
> given only the output file from the program, and maybe an "expected
> results" file. I plan on using ipfw to block all traffic on that
> machine (will be a dedicated machine) not coming from a few trusted
> uids (like root and the evaluation process). I also plan setting up
> resource limits, and not running more evaluation jobs at the same time
> (ruins timing).

You could do this step in a jail if you wanted to. If you're using
user-supplied makefiles, then they can run arbitrary commands. If
you're using a fixed set of compiler invocations and the standard
toolchain then it should probably be okay (I don't know of any ways to
cause the compiler toolchain to execute arbitrary commands during
compilation).

Kris
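
One way to apply the "fixed set of compiler invocations" advice from the reply above, as an added example that is not code from the original message or from FreeBSD: a hypothetical `build_submission` wrapper that compiles a single submitted file with one operator-chosen command line and never runs a submitted makefile. The compiler path, flag set, limits and all names are assumptions.

```shell
#!/bin/sh
# Added example; every name and value here is an assumption, not from the thread.
CC="${CC:-/usr/bin/cc}"            # operator-chosen compiler
FIXED_FLAGS="-static -O2 -o prog"  # the single permitted invocation

# build_submission SRC OUTDIR
# Compiles one submitted C file with the fixed command line. Returns 0 and
# leaves OUTDIR/prog on success, 2 if the input is rejected, non-zero otherwise.
# A makefile or build script shipped with the submission is never executed.
build_submission() {
    src=$1
    outdir=$2
    case $src in
        *.c) ;;
        *) echo "reject: not a .c file" >&2; return 2 ;;
    esac
    if [ ! -f "$src" ] || [ -L "$src" ]; then
        echo "reject: not a regular file" >&2
        return 2
    fi
    work=$(mktemp -d) || return 1
    # Copy under a fixed name so the submitted file name never reaches the
    # compiler command line.
    cp -- "$src" "$work/submission.c" || { rm -rf "$work"; return 1; }
    (
        cd "$work" || exit 1
        # Limits for the compile step. If setting one fails, that is typically
        # because a stricter inherited hard limit is already in force.
        ulimit -t 30 2>/dev/null || true      # CPU seconds
        ulimit -f 65536 2>/dev/null || true   # file size, in shell-defined blocks
        # Empty environment except a fixed PATH; FIXED_FLAGS is split on purpose.
        env -i PATH=/usr/bin:/bin "$CC" $FIXED_FLAGS submission.c
    )
    rc=$?
    if [ "$rc" -eq 0 ] && [ -f "$work/prog" ]; then
        mkdir -p "$outdir" && cp "$work/prog" "$outdir/prog" || rc=1
    else
        [ "$rc" -ne 0 ] || rc=1
    fi
    rm -rf "$work"
    return "$rc"
}
```

Running the wrapper itself inside the compile jail keeps the scratch directory and the toolchain's view of the filesystem confined to that jail.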