From owner-freebsd-security  Wed Jun 13 14:37:32 2001
Delivered-To: freebsd-security@freebsd.org
Received: from netau1.alcanet.com.au (ntp.alcanet.com.au [203.62.196.27])
	by hub.freebsd.org (Postfix) with ESMTP id EE60137B401
	for <security@FreeBSD.ORG>; Wed, 13 Jun 2001 14:37:16 -0700 (PDT)
	(envelope-from jeremyp@gsmx07.alcatel.com.au)
Received: from mfg1.cim.alcatel.com.au (mfg1.cim.alcatel.com.au [139.188.23.1])
	by netau1.alcanet.com.au (8.9.3 (PHNE_22672)/8.9.3) with ESMTP id HAA07561;
	Thu, 14 Jun 2001 07:37:09 +1000 (EST)
Received: from gsmx07.alcatel.com.au by cim.alcatel.com.au
 (PMDF V5.2-32 #37645) with ESMTP id <01K4QZAWGEE8VNYU2Y@cim.alcatel.com.au>;
 Thu, 14 Jun 2001 07:37:10 +1000
Received: (from jeremyp@localhost)	by gsmx07.alcatel.com.au (8.11.1/8.11.1)
 id f5DLb6D44664; Thu, 14 Jun 2001 07:37:06 +1000 (EST envelope-from jeremyp)
Content-return: prohibited
Date: Thu, 14 Jun 2001 07:37:05 +1000
From: Peter Jeremy <peter.jeremy@alcatel.com.au>
Subject: Re: Compiling untrusted source -- what are the risks?
In-reply-to: <20010613130313.B64020@xor.obsecurity.org>; from
 kris@obsecurity.org on Wed, Jun 13, 2001 at 01:03:13PM -0700
To: Alex Popa <razor@ldc.ro>
Cc: Kris Kennaway <kris@obsecurity.org>, security@FreeBSD.ORG
Mail-Followup-To: Alex Popa <razor@ldc.ro>,
	Kris Kennaway <kris@obsecurity.org>, security@FreeBSD.ORG
Message-id: <20010614073705.E95583@gsmx07.alcatel.com.au>
MIME-version: 1.0
Content-type: text/plain; charset=us-ascii
Content-disposition: inline
User-Agent: Mutt/1.2.5i
References: <20010613092402.A8413@ldc.ro>
 <20010613130313.B64020@xor.obsecurity.org>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On 2001-Jun-13 13:03:13 -0700, Kris Kennaway <kris@obsecurity.org> wrote:
> If
>you're using a fixed set of compiler invocations and the standard
>toolchain then it should probably be okay (I don't know of any ways to
>cause the compiler toolchain to execute arbitrary commands during
>compilation).

This is covered by Kris's "fixed set of compiler invocations", but
it's worth noting that gcc can execute arbitrary commands with
pathnames matching the regex ".*(cpp|cc1|cc1obj|cc1plus|as|ld)$"
via the -B option or $GCC_EXEC_PREFIX environment.  Note that some
variants of gcc (including -CURRENT) use "cpp0" instead of "cpp".

Looking at base system executables, this includes fold(1), btxld(8),
fore_dnld(8), rtsold(8) and /usr/libexec/rpc.rwalld, though there's
nothing stopping someone creating a suitably named shell-script and
using -Bfoo to invoke it (though it has to be marked executable).

Peter

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message