[fpc-pascal] Remote FreePascal compile service, feedback requested

Michael Van Canneyt michael at freepascal.org
Tue Dec 6 10:21:02 CET 2005



On Tue, 6 Dec 2005, Michalis Kamburelis wrote:

> Tom Verhoeff wrote:
> [...]
>> 
>> I was thinking of adding a remote FreePascal service along the following
>> lines.  You go to its web interface, browse for your source files
>> (possibly a whole zip archive) on your local machine, enter command-line
>> options, and let our server compile your stuff with a (selectable)
>> version of fpc (under Linux), then you get back the results (possibly
>> also in a zip archive).  Maybe we can support cross compiles as well.
>> 
>
> Great idea. I played a little and found two security issues:
>
> 1. Consider the following program, that lets the attacker know what's the 
> default display manager on your system:
>
> ----------------
> program get_file_contents;
>
> const
>  usr = 1;
>  bin = 1;
>  gdm = 10;
>  xdm = 100;
>  kdm = 1000;
>
> const
>  Marker = 1 {$I /etc/X11/default-display-manager};
>
> begin
>  Writeln(Marker);
> end.
> ----------------
>
> As you can see, this is achieved by using {$I ...} with an absolute path. 
> This way I can include an arbitrary file, and do some tricks (like above 
> creating constants "usr", "bin" ... and then a constant "Marker" that has 
> a different value depending on your display manager). This way I can 
> investigate various things about your system.
>
> (Wow, it was fun creating this program :) )
>
> Conclusion: be extra-careful about what people include with $I in their 
> submitted programs. So you have to either scan source files, or maybe run 
> within chroot. Or you must be sure that you don't have any sensitive 
> information readable by fpc process on your system.

I think that running the compiler must absolutely be done in a chroot()
environment, with adapted environment settings and using appropriate
setrlimit() settings to avoid memory and CPU hogs.

In Belgium there is a Linux distribution for schools, and they run all
network related processes in chroot() environments. Takes some work to
set up, but is the safest. For a service such as this, I think it's
definitely needed.

Michael.
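
A sketch of the chroot() plus setrlimit() launcher described in the reply above, added here as an example; it is not code from the thread or from the FreePascal project. The helper name run_confined, the jail path, uid/gid 65534, the compiler path inside the jail and the limit values are all assumptions.

```c
#define _DEFAULT_SOURCE 1
#include <grp.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper (not from the thread): run argv[0] chroot()ed into
 * `jail` as unprivileged uid/gid, with CPU and address-space caps and a fixed
 * environment. Returns the child's exit code, 128+signal if it was killed,
 * or -1. jail == NULL skips chroot and the privilege drop (non-root testing). */
int run_confined(const char *jail, uid_t uid, gid_t gid,
                 rlim_t cpu_secs, rlim_t mem_bytes, char *const argv[])
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        struct rlimit cpu = { cpu_secs, cpu_secs };
        struct rlimit mem = { mem_bytes, mem_bytes };
        /* Nothing is inherited from the web server's environment. */
        char *const envp[] = { "PATH=/usr/bin:/bin", NULL };
        if (setrlimit(RLIMIT_CPU, &cpu) != 0 || setrlimit(RLIMIT_AS, &mem) != 0)
            _exit(126);
        if (jail != NULL) {
            /* chroot() needs root; chdir("/") puts the cwd inside the jail. */
            if (chroot(jail) != 0 || chdir("/") != 0)
                _exit(126);
            /* Drop supplementary groups, then gid, then uid, in that order. */
            if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
                _exit(126);
        }
        execve(argv[0], argv, envp);
        _exit(127);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : 128 + WTERMSIG(status);
}

int main(void)
{
    /* Constructed values: jail path, uid/gid 65534, fpc path inside the jail. */
    char *const argv[] = { "/usr/bin/fpc", "/work/prog.pas", NULL };
    int rc = run_confined("/srv/fpc-jail", 65534, 65534, 10, (rlim_t)256 << 20, argv);
    printf("compiler exit status: %d\n", rc);
    return rc == 0 ? 0 : 1;
}
```

With the compiler confined this way, an absolute {$I ...} path resolves inside the jail, so only files deliberately copied there are readable.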


