[distcc] Exploit in distcc
Daniel Kegel
dank at kegel.com
Fri Aug 27 17:10:03 GMT 2004
Jean Delvare wrote:
>> - Try to vet the command line; allow only particular commands. It's
>> not enough to just say "only run gcc" because an attacker might
>> try to send output to a file. This couldn't give total protection
>> but it might help.
>
> I wouldn't analyze the whole command line, since it can differ significantly
> from compiler to compiler (except for the comment trick as noted above). But a
> built-in, command-line-overwritable list of known compilers would make things
> way safer. Among other things, it would prevent an entire local network from
> being compromised just because one machine was compromised. And again, log
> before rejecting (both for attacker-tracking and debugging purposes).
Already implemented, for non-security reasons. See the patch at
http://kegel.com/crosstool/crosstool-0.28-rc34/patches/distcc-2.16/distcc-stringmap.patch
It only accepts compilers listed in an 'apps' file, and
allows partial matches. Crosstool uses this to implement
heterogeneous build clusters.
- Dan
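As an added illustration of the allowlist idea discussed in this thread (this is not the crosstool patch's own code and not distcc's): a small C check of the kind described, which reads an 'apps'-style list of permitted compiler names, compares only the basename of the compiler the client asked for, and logs before rejecting, as Jean suggested. The file format, the rule that an entry ending in '-' acts as a toolchain prefix (my stand-in for "partial matches"), the sample apps text and all function names are assumptions made for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_APPS 64

/* Parsed allowlist: one permitted compiler name per line of an 'apps' file
   (format assumed for this example: blank lines and '#' comments ignored). */
struct allowlist {
    char *entries[MAX_APPS];
    size_t count;
};

static char *dup_range(const char *s, size_t len) {
    char *out = malloc(len + 1);
    if (!out) { perror("malloc"); exit(1); }
    memcpy(out, s, len);
    out[len] = '\0';
    return out;
}

/* Parse the apps text; returns the number of entries loaded. */
size_t allowlist_parse(struct allowlist *al, const char *text) {
    const char *p = text;
    al->count = 0;
    while (*p && al->count < MAX_APPS) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        size_t start = 0;
        while (len && (p[len - 1] == '\r' || p[len - 1] == ' ' || p[len - 1] == '\t'))
            len--;                                   /* trim trailing whitespace */
        while (start < len && (p[start] == ' ' || p[start] == '\t'))
            start++;                                 /* trim leading whitespace */
        if (len > start && p[start] != '#')
            al->entries[al->count++] = dup_range(p + start, len - start);
        if (!nl) break;
        p = nl + 1;
    }
    return al->count;
}

void allowlist_free(struct allowlist *al) {
    for (size_t i = 0; i < al->count; i++) free(al->entries[i]);
    al->count = 0;
}

/* The client chooses argv[0] of the compile command, so it may carry any
   directory; only the final path component is compared against the list. */
static const char *basename_of(const char *path) {
    const char *slash = strrchr(path, '/');
    return slash ? slash + 1 : path;
}

/* Returns 1 if argv0 names a permitted compiler, else logs and returns 0.
   An exact basename match always counts. With allow_prefix set, an entry
   ending in '-' (e.g. "arm-linux-") also matches any basename starting
   with it; this prefix rule is an assumption standing in for "partial match". */
int compiler_allowed(const struct allowlist *al, const char *argv0, int allow_prefix) {
    const char *base = basename_of(argv0);
    for (size_t i = 0; i < al->count; i++) {
        const char *e = al->entries[i];
        size_t elen = strlen(e);
        if (strcmp(e, base) == 0)
            return 1;
        if (allow_prefix && elen && e[elen - 1] == '-' && strncmp(e, base, elen) == 0)
            return 1;
    }
    /* Log before rejecting: the rejected name is what an operator wants to see. */
    fprintf(stderr, "distcc allowlist: rejected compiler '%s' (basename '%s')\n", argv0, base);
    return 0;
}

/* Convenience wrapper: parse, check one request, free. */
int check_request(const char *apps_text, const char *argv0, int allow_prefix) {
    struct allowlist al;
    allowlist_parse(&al, apps_text);
    int ok = compiler_allowed(&al, argv0, allow_prefix);
    allowlist_free(&al);
    return ok;
}

int main(void) {
    /* Constructed sample apps file for this example. */
    const char *apps = "# permitted compilers\ngcc\ng++\narm-linux-\n";
    const char *requests[] = { "gcc", "/usr/bin/g++", "arm-linux-gcc", "sh", "gccx" };
    for (size_t i = 0; i < sizeof requests / sizeof requests[0]; i++)
        printf("%-16s -> %s\n", requests[i],
               check_request(apps, requests[i], 1) ? "allowed" : "rejected");
    return 0;
}
```

One design point the example makes explicit: because only the basename is compared, the server should then run that basename through its own PATH rather than exec'ing the client-supplied path, otherwise the allowlist constrains the name but not which binary actually runs.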