[distcc] Exploit in distcc

Daniel Kegel dank at kegel.com
Fri Aug 27 17:10:03 GMT 2004

Jean Delvare wrote:
>> - Try to vet the command line; allow only particular commands.  It's
>>   not enough to just say "only run gcc" because an attacker might 
>>try to   send output to a file.  This couldn't give total protection 
>>but it   might help.
> I wouldn't analyze the whole command line, since it can differ significantly
> from comiler to compiler (except for the comment trick as noted above). But a
> built-in, command-line-overwritable list of known compilers would make things
> way safer. Among other things, it would prevent an entire local network from
> being compromised just because one machine was compromised. And again, log
> before rejecting (both for attacker-tracking and debugging purposes).

Already implemented, for non-security reasons.  See the patch at


It only accepts compilers listed in an 'apps' file, and
allows partial matches.  Crosstool uses this to implement
hetrogenous build clusters.
- Dan

More information about the distcc mailing list