Date: Thu, 14 Jun 2001 21:04:27 +0200 From: "Karsten W. Rohrbach" <karsten@rohrbach.de> To: Kris Kennaway <kris@obsecurity.org> Cc: Alex Popa <razor@ldc.ro>, security@freebsd.org Subject: Re: Compiling untrusted source -- what are the risks? Message-ID: <20010614210427.E49807@mail.webmonster.de> In-Reply-To: <20010613130313.B64020@xor.obsecurity.org>; from kris@obsecurity.org on Wed, Jun 13, 2001 at 01:03:13PM -0700 References: <20010613092402.A8413@ldc.ro> <20010613130313.B64020@xor.obsecurity.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--924gEkU1VlJlwnwX Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Kris Kennaway(kris@obsecurity.org)@2001.06.13 13:03:13 +0000: > On Wed, Jun 13, 2001 at 09:24:02AM +0300, Alex Popa wrote: >=20 > > The step I am worried about is the compiling, since I do need to have > > the include files and libraries available. The output should be a > > statically linked file, which would run in a jail (separate one per > > source file) which contains nothing more than the compiled binary, and > > the input file. The evaluation program will run in a separate jail, > > given only the output file from the program, and maybe an "expected > > results" file. I plan on using ipfw to block all traffic on that > > machine (will be a dedicated machine) not coming from a few trusted > > uids (like root and the evaluation process). I also plan setting up > > resource limits, and not running more evaluation jobs at the same time > > (ruins timing). >=20 > You could do this step in a jail if you wanted to. If you're using > user-supplied makefiles, then they can run arbitrary commands. If > you're using a fixed set of compiler invocations and the standard > toolchain then it should probably be okay (I don't know of any ways to > cause the compiler toolchain to execute arbitrary commands during > compilation). >=20 although, being a paranoid bastard myself, i would reconstruct the whole jail after creating a backup of the work environment only when the evaluation process for one package is finished. this gives you a clean slate point of start for everything again. /k --=20 > Only wimps use tape backups; real men put their software on ftp-servers > and let the rest of the world mirror it. --Linus Torvalds KR433/KR11-RIPE -- WebMonster Community Founder -- nGENn GmbH Senior Techie http://www.webmonster.de/ -- ftp://ftp.webmonster.de/ -- http://www.ngenn.n= et/ karsten&rohrbach.de -- alpha&ngenn.net -- alpha&scene.org -- catch@spam.de GnuPG 0x2964BF46 2001-03-15 42F9 9FFF 50D4 2F38 DBEE DF22 3340 4F4E 2964 B= F46 --924gEkU1VlJlwnwX Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE7KQq7M0BPTilkv0YRAg6AAJ9bQm0Z+cpG7ot+U4U8AS4qBDbKpwCgimiJ 2rGsx2jvvXWiPkJdndAey1A= =e+DU -----END PGP SIGNATURE----- --924gEkU1VlJlwnwX-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010614210427.E49807>