Hacker News new | past | comments | ask | show | jobs | submit login

Terrible examples, considering that these are programming languages that people will use to run code from random sources.

"git clone foo && cmake foo" can definitely be a security problem, and not just because the code itself is untrusted.




It's not cmake's job to limit the behaviour of programs written with it.


OTOH, allocating & using memory correctly so that a maliciously-crafted Makefile can't get elevated permissions is.


A makefile can call whatever it wants so if you run a malicious one you're already hacked. There's nothing you can do with a cmake buffer overrun that you can't also do just by writing a normal cmake file to call out whichever malicious commands you want.


>> It's not cmake's job to limit the behaviour of programs written with it.

> OTOH, allocating & using memory correctly so that a maliciously-crafted Makefile can't get elevated permissions is.

https://en.wikipedia.org/wiki/Not_even_wrong


You are technically not wrong, of course, but if the attack vector got already to running Makefiles on your system, you should probably focus your effort to tighten security elsewhere.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: