On Saturday, 06.04.2024 at 15:00 +0200, Richard Biener wrote:
> On Fri, Apr 5, 2024 at 11:18 PM Andrew Sutton via Gcc <gcc@gcc.gnu.org> wrote:
> >
> > > I think the key difference here is that Autotools allows arbitrarily
> > > generated code to be executed at any time. More modern build systems
> > > require the use of specific commands/files to run arbitrary code, e.g.
> > > CMake (IIRC [`execute_process()`][2] and [`ExternalProject`][3]), Meson
> > > ([`run_command()`][1]), Cargo ([`build.rs`][4]).
> > >
> > > To me it seems that Cargo is the absolute worst case with respect to
> > > supply chain attacks.
> > >
> > > It pulls in dependencies recursively from a relatively uncurated
> > > list of projects, puts the source of all those dependencies into a
> > > hidden directory in home, and runs Build.rs automatically with
> > > user permissions.
> > >
> >
> > 100% this. Wait until you learn how proc macros work.
>
> proc macro execution should be heavily sandboxed, otherwise it seems
> compiling something is enough to get arbitrary code executed with the
> permission of the compiling user. I mean it's not rocket science - browsers
> do this for javascript. Hmm, we need a webassembly target ;)

This would be useful anyhow. And locking down the compiler using landlock
to only access specified files / directories would also be nice in general.

Martin
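
The Landlock confinement suggested in the message above, as an added example that is not part of the thread and is not GCC code: a wrapper that limits a build step to read/execute access under listed directories and read/write access under one output directory. The names `allow`, `confine` and `child_can_open`, and the directory list in `main`, are assumptions made for illustration; it needs Linux 5.13 or later with Landlock enabled.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <linux/landlock.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* All 13 filesystem rights of Landlock ABI v1 (bits 0..12); handled rights are denied by default. */
#define ALL_V1 ((LANDLOCK_ACCESS_FS_MAKE_SYM << 1) - 1)
#define RO (LANDLOCK_ACCESS_FS_EXECUTE | LANDLOCK_ACCESS_FS_READ_FILE | LANDLOCK_ACCESS_FS_READ_DIR)
#define RW (RO | LANDLOCK_ACCESS_FS_WRITE_FILE | LANDLOCK_ACCESS_FS_MAKE_REG | LANDLOCK_ACCESS_FS_REMOVE_FILE)

/* Grant `access` on directory `dir` and everything beneath it. */
static int allow(int ruleset, const char *dir, __u64 access) {
    struct landlock_path_beneath_attr pb = { .allowed_access = access };
    pb.parent_fd = open(dir, O_PATH | O_CLOEXEC);
    if (pb.parent_fd < 0) return -1;
    long r = syscall(SYS_landlock_add_rule, ruleset, LANDLOCK_RULE_PATH_BENEATH, &pb, 0);
    close(pb.parent_fd);
    return r ? -1 : 0;
}

/* Confine the caller: RO under ro[], RW under rw_dir, nothing else. 0 on success, -1 otherwise. */
int confine(const char *const ro[], int n_ro, const char *rw_dir) {
    struct landlock_ruleset_attr attr = { .handled_access_fs = ALL_V1 };
    int rs = (int)syscall(SYS_landlock_create_ruleset, &attr, sizeof(attr), 0);
    if (rs < 0) return -1;                      /* kernel without Landlock, or blocked */
    int bad = allow(rs, rw_dir, RW);
    for (int i = 0; i < n_ro; i++) bad |= allow(rs, ro[i], RO);
    if (!bad) bad = prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0;  /* required before restrict_self */
    if (!bad) bad = syscall(SYS_landlock_restrict_self, rs, 0) != 0;
    close(rs);
    return bad ? -1 : 0;
}

/* Fork a confined child and probe `path`: 1 = opened, 0 = denied, -1 = Landlock unavailable. */
int child_can_open(const char *path, const char *const ro[], int n_ro, const char *rw_dir) {
    int st; pid_t pid = fork();
    if (pid == 0)                               /* child: confine, then probe */
        _exit(confine(ro, n_ro, rw_dir) ? 2 : open(path, O_RDONLY) >= 0);
    return (pid < 0 || waitpid(pid, &st, 0) < 0 || !WIFEXITED(st) || WEXITSTATUS(st) == 2) ? -1 : WEXITSTATUS(st);
}

int main(int argc, char **argv) {               /* e.g. ./confined cc -c foo.c -o foo.o */
    const char *const ro[] = { "/usr", "/lib", "/etc" };   /* assumed toolchain directories */
    if (argc < 2 || confine(ro, 3, ".") != 0) return 1;
    return execvp(argv[1], argv + 1);           /* restrictions are inherited across exec */
}
```

Set `TMPDIR=.` when wrapping a compiler so its temporary files land in the writable directory. The restriction cannot be lifted once applied, and it is inherited by every child the confined process spawns.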