[distcc] Exploit in distcc
dank at kegel.com
Fri Aug 27 17:10:03 GMT 2004
Jean Delvare wrote:
>> - Try to vet the command line; allow only particular commands. It's
>> not enough to just say "only run gcc" because an attacker might
>> try to send output to a file. This couldn't give total protection
>> but it might help.
> I wouldn't analyze the whole command line, since it can differ significantly
> from compiler to compiler (except for the comment trick as noted above). But a
> built-in, command-line-overwritable list of known compilers would make things
> way safer. Among other things, it would prevent an entire local network from
> being compromised just because one machine was compromised. And again, log
> before rejecting (both for attacker-tracking and debugging purposes).
Already implemented, for non-security reasons. See the patch at
It only accepts compilers listed in an 'apps' file, and
allows partial matches. Crosstool uses this to implement
heterogeneous build clusters.
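As an added illustration (this is not distcc's or crosstool's code, and the 'apps' file format, the function names and the sample entries are assumptions), the following Python sketch shows the policy discussed in this message: the daemon accepts only compiler names listed in an apps file, optionally with partial matches, and logs before rejecting as the quoted reply asks. It also shows why "allows partial matches" needs care: a naive substring match accepts any name that merely contains an allowed compiler name, whereas an anchored match accepts only target-prefixed (`arm-linux-gcc`) or version-suffixed (`gcc-3.4`) variants.

```python
import logging
import re

log = logging.getLogger("distccd-allowlist")

# Constructed sample contents of an 'apps' file. The format assumed here
# (one compiler name per line, '#' starts a comment) is illustrative;
# the real file format used by distcc/crosstool is not shown on the page.
SAMPLE_APPS = """
# compilers this volunteer is willing to run for remote clients
gcc
g++
arm-linux-gcc
"""


def load_allowlist(text):
    """Parse the apps file text into a list of allowed compiler names."""
    names = []
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].strip()
        if line:
            names.append(line)
    return names


def loose_substring_match(name, allowed):
    """The tempting but unsafe form of 'partial match': any name that
    contains an allowed compiler name is accepted."""
    return allowed in name


def _partial_match(name, allowed):
    """Anchored partial match: accept '<triple>-<allowed>' and
    '<allowed>-<version>' variants, but not arbitrary substrings."""
    pattern = (r'^(?:[A-Za-z0-9_.]+-)*' + re.escape(allowed)
               + r'(?:-[0-9][0-9A-Za-z.]*)?$')
    return re.fullmatch(pattern, name) is not None


def check_compiler(argv, allowlist, partial=False):
    """Decide whether the compiler the client asked for may run.

    Returns (allowed, reason). Every rejection is logged first, so an
    operator can track probing clients and debug misconfigured ones.
    """
    if not argv:
        log.warning("rejecting empty command line")
        return False, "empty command line"
    requested = argv[0]
    # The daemon should resolve compilers on its own PATH; a directory
    # component supplied by the client is rejected outright.
    if '/' in requested:
        log.warning("rejecting compiler with path component: %r", requested)
        return False, "path component not allowed"
    for allowed in allowlist:
        if requested == allowed or (partial and _partial_match(requested, allowed)):
            return True, "matched %r" % allowed
    log.warning("rejecting unknown compiler %r (argv=%r)", requested, argv)
    return False, "not in apps file"


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    apps = load_allowlist(SAMPLE_APPS)
    for cmd in (["gcc", "-c", "x.c"], ["gcc-3.4", "-c", "x.c"],
                ["notreallygcc", "-c", "x.c"], ["/tmp/gcc", "-c", "x.c"]):
        print(cmd[0], check_compiler(cmd, apps, partial=True))
```

Run as a script, the block prints the decision for each constructed command line; the rejections appear as warnings on stderr before the corresponding `(False, ...)` result, matching the "log before rejecting" advice.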