Arbitrary Shell Execution through #[link_section] #118
Comments
These kinds of things can be filtered via this flotilla of lints: rust-lang/rust#82499
I probably need to redesign the unsafe detection, there was an alternate design that used a shell-game around building the code without the
To address this part of your question more directly: Rust is very, very lax about whitespace in most cases where a logical segment in the parse could be interpreted as existing.
What lints can we add to Cargo.toml to validate that they will actually catch this behavior?
It involves restructuring the build a bit to let us do a "dry run" pre-build and then do it "for real", as mentioned. I am working on that PR.
I have a draft branch for this that successfully catches this specific example, but it is still technically possible to get
TODO:
This fixes tcdi#118
The shell code in init_array is always executed first, potentially leading to arbitrary shell execution.
-- Repro removed temporarily
Is there something in Cargo/rustc or a more "Rust" way to detect and prevent these things?