Date: Thu, 14 Jun 2001 00:19:47 +0300 From: Alex Popa <razor@ldc.ro> To: Kris Kennaway <kris@obsecurity.org> Cc: security@freebsd.org Subject: Re: Compiling untrusted source -- what are the risks? Message-ID: <20010614001947.A13403@ldc.ro> In-Reply-To: <20010613130313.B64020@xor.obsecurity.org>; from kris@obsecurity.org on Wed, Jun 13, 2001 at 01:03:13PM -0700 References: <20010613092402.A8413@ldc.ro> <20010613130313.B64020@xor.obsecurity.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Jun 13, 2001 at 01:03:13PM -0700, Kris Kennaway wrote: > On Wed, Jun 13, 2001 at 09:24:02AM +0300, Alex Popa wrote: > > > The step I am worried about is the compiling, since I do need to have > > the include files and libraries available. > > [irrelevant part snipped] > > You could do this step in a jail if you wanted to. If you're using > user-supplied makefiles, then they can run arbitrary commands. If > you're using a fixed set of compiler invocations and the standard > toolchain then it should probably be okay (I don't know of any ways to > cause the compiler toolchain to execute arbitrary commands during > compilation). > > Kris I will probably go with something like (filename will be my own, not the user supplied filename): "gcc -Wall -W -Werror -pipe -static filename.c -o a.out" for the compiling step. The toolchain is exactly what I was worried about, and I really do not feel like providing a fresh jail for every compile. The running of the programs will go in a new jail and UID for every run, to prevent pollution. I also consider disabling SYSV semaphores and shared memory for that particular machine. Thank you a lot, Alex (who did paranoia++ a few too many times) ------------+------------------------------------------ Alex Popa, | "Artificial Intelligence is razor@ldc.ro| no match for Natural Stupidity" ------------+------------------------------------------ "It took the computing power of three C-64s to fly to the Moon. It takes a 486 to run Windows 95. Something is wrong here." To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010614001947.A13403>