Re: Compiling untrusted source -- what are the risks?
From: Karsten W. Rohrbach (karsten@rohrbach.de)
Date: 06/14/01
- Next message: Karsten W. Rohrbach: "Re: IPFW almost works now."
- Previous message: Craig Cowen: "Re: remote syslog question"
- In reply to: Kris Kennaway: "Re: Compiling untrusted source -- what are the risks?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 14 Jun 2001 21:04:27 +0200 From: "Karsten W. Rohrbach" <karsten@rohrbach.de> To: Kris Kennaway <kris@obsecurity.org>
Kris Kennaway(kris@obsecurity.org)@2001.06.13 13:03:13 +0000:
> On Wed, Jun 13, 2001 at 09:24:02AM +0300, Alex Popa wrote:
>
> > The step I am worried about is the compiling, since I do need to have
> > the include files and libraries available. The output should be a
> > statically linked file, which would run in a jail (separate one per
> > source file) which contains nothing more than the compiled binary, and
> > the input file. The evaluation program will run in a separate jail,
> > given only the output file from the program, and maybe an "expected
> > results" file. I plan on using ipfw to block all traffic on that
> > machine (will be a dedicated machine) not coming from a few trusted
> > uids (like root and the evaluation process). I also plan setting up
> > resource limits, and not running more evaluation jobs at the same time
> > (ruins timing).
>
> You could do this step in a jail if you wanted to. If you're using
> user-supplied makefiles, then they can run arbitrary commands. If
> you're using a fixed set of compiler invocations and the standard
> toolchain then it should probably be okay (I don't know of any ways to
> cause the compiler toolchain to execute arbitrary commands during
> compilation).
>
although, being a paranoid *** myself, i would reconstruct the whole
jail after creating a backup of the work environment only when the
evaluation process for one package is finished. this gives you a clean
slate point of start for everything again.
/k
-- > Only wimps use tape backups; real men put their software on ftp-servers > and let the rest of the world mirror it. --Linus Torvalds KR433/KR11-RIPE -- WebMonster Community Founder -- nGENn GmbH Senior Techie http://www.webmonster.de/ -- ftp://ftp.webmonster.de/ -- http://www.ngenn.net/ karsten&rohrbach.de -- alpha&ngenn.net -- alpha&scene.org -- catch@spam.de GnuPG 0x2964BF46 2001-03-15 42F9 9FFF 50D4 2F38 DBEE DF22 3340 4F4E 2964 BF46
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
- application/pgp-signature attachment: stored
- Next message: Karsten W. Rohrbach: "Re: IPFW almost works now."
- Previous message: Craig Cowen: "Re: remote syslog question"
- In reply to: Kris Kennaway: "Re: Compiling untrusted source -- what are the risks?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
