Hacker News new | ask | show | jobs
by wutwot 5015 days ago
You don't filter out CPP macro's. I would skip that and only allow C code. Or run this thing in a proper jail because at the moment:

- doing an include #include "/dev/random" will block the thread. - including "/etc/passwd" is also possible although I don't see a direct way to turn this into password disclosure.

Seriously; even if it's a weekend project, letting people run all kinds of potentially bad code on your machine is never a good idea. Even though you don't run the binaries yourself there's so many ways to mess around with a compiler. You just don't know what's going to happen.
2 comments
__alexs 5015 days ago
chroot would probably be sufficient. Barring some sort of code execution vuln in the compiler you can only load stuff off of the filesystem.

Having the actual CPP available is nice because some bits of libc are only macros.

link
ynh 5015 days ago
I have now added some basic macro detection
link
yonilevy 5015 days ago
#define x "/etc/passwd" #include x
link
ynh 5015 days ago
I have now fixed it. But I think there must be an other way to make it safe. Maybe a sandbox
link
dzorz 5015 days ago
This is part of your /etc/shadow file:

    root:censored
We can still read /etc/ssh/ssh_host_rsa_key, etc.

Edit: removed hash, sorry

link
daeken 5015 days ago
Saying "you can read /etc/shadow by doing X, Y, and Z" is okay -- it's a permanent record there was a flaw. Saying "here's your root password hash" is not ok; even once the flaw is fixed, that hash is still floating around out there. I'd take advantage of the edit period and remove that from your comment; it's just not cool. The OP should definitely change the root password on the box regardless.
link
wulczer 5015 days ago
Well one easy way to increase security would for this to stop running as root.

Please, don't ever run your application code as root. Less so when it's facing the Internet.

link
ynh 5015 days ago
No problem I think I could fix it.

Can you show us how you read the content of the file. Just want to learn more

link
espes 5015 days ago
If it's a server used for other things, definitely a sandbox. gcc's not exactly security hardend. Best one (novel solution, though the code's old and shit) I've come across: https://pts-mini-gpl.googlecode.com/svn/trunk/uevalrun/doc/u...
link
ynh 5015 days ago
I have now used a the wrapper by gcc-explorer https://github.com/mattgodbolt/gcc-explorer/blob/master/c-pr...
link