[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: GCC reporting piped input as a security feature
|
From: |
Jan Engelhardt |
|
Subject: |
Re: GCC reporting piped input as a security feature |
|
Date: |
Tue, 9 Apr 2024 07:27:19 +0200 (CEST) |
|
User-agent: |
Alpine 2.26 (LSU 649 2022-06-02) |
On Tuesday 2024-04-09 05:37, Jacob Bachmeyer wrote:
>
>> In principle it could be posible to output something different to
>> describe this stramge situation explicitly. For instance, output "via
>> stdin" as a comment, or output `stdin/../filename' as the file name.
>> (Programs that optimize the file name by deleting XXX/.../ are likely
>> not to check whether XXX is a real directory.)
>
> With the small difference that I believe the special marker should be
> '<stdin>'
> (with the angle brackets, as it is now), this could be another good idea.
> Example output: "[working directory]/<stdin>///[specified filename]" or
> "[specified filename]///<>/[working directory]/<stdin>". GDB could be
> modified
> [...]
This will likely backfire. Assuming you have a userspace program
which does not care about any particular substring being present, the
fullpath is passed as-is to the OS kernel, which *will* resolve it
component by component, and in doing so, stumble over the XXX/ part.
Better introduce a new DW_AT_ field for a stdin flag.
> to recognize either form and read the specified file (presumably some form of
> augmented C) but report that the sources were transformed prior to
> compilation.
> The use of triple-slash ensures that these combined strings cannot be confused
> with valid POSIX filenames, although I suspect that uses of these strings
> would
> have to be a GNU extension to the debugging info format.
- Re: GNU Coding Standards, automake, and the recent xz-utils backdoor, (continued)
- Re: GNU Coding Standards, automake, and the recent xz-utils backdoor, Richard Stallman, 2024/04/08
- Re: detecting modified m4 files (was: GNU Coding Standards, automake, and the recent xz-utils backdoor), Jacob Bachmeyer, 2024/04/07
- Re: GNU Coding Standards, automake, and the recent xz-utils backdoor, Richard Stallman, 2024/04/04
- Re: GNU Coding Standards, automake, and the recent xz-utils backdoor, Jacob Bachmeyer, 2024/04/02
- Re: GNU Coding Standards, automake, and the recent xz-utils backdoor, Richard Stallman, 2024/04/01
- Re: GNU Coding Standards, automake, and the recent xz-utils backdoor, Jacob Bachmeyer, 2024/04/02
- Re: GNU Coding Standards, automake, and the recent xz-utils backdoor, Richard Stallman, 2024/04/04
- Re: GCC reporting piped input as a security feature (was: GNU Coding Standards, automake, and the recent xz-utils backdoor), Jacob Bachmeyer, 2024/04/06
- Re: GCC reporting piped input as a security feature (was: GNU Coding Standards, automake, and the recent xz-utils backdoor), Richard Stallman, 2024/04/08
- Re: GCC reporting piped input as a security feature, Jacob Bachmeyer, 2024/04/08
- Re: GCC reporting piped input as a security feature,
Jan Engelhardt <=
- Re: GCC reporting piped input as a security feature, Jacob Bachmeyer, 2024/04/09
- Re: GCC reporting piped input as a security feature, Zack Weinberg, 2024/04/11
- Re: GCC reporting piped input as a security feature, Jacob Bachmeyer, 2024/04/12
- Re: GCC reporting piped input as a security feature (was: GNU Coding Standards, automake, and the recent xz-utils backdoor), Richard Stallman, 2024/04/08
Re: GNU Coding Standards, automake, and the recent xz-utils backdoor, Eric Blake, 2024/04/02
- Re: GNU Coding Standards, automake, and the recent xz-utils backdoor, Bob Friesenhahn, 2024/04/02
- Re: GNU Coding Standards, automake, and the recent xz-utils backdoor, Karl Berry, 2024/04/02
- Re: compressed release distribution formats (was: GNU Coding Standards, automake, and the recent xz-utils backdoor), Jacob Bachmeyer, 2024/04/02
- Re: GNU Coding Standards, automake, and the recent xz-utils backdoor, Richard Stallman, 2024/04/03