[lldb-dev] [Bug 28019] New: Possibly insecure use of TCP sockets by LLDB

via lldb-dev lldb-dev at lists.llvm.org
Mon Jun 6 10:24:51 PDT 2016


            Bug ID: 28019
           Summary: Possibly insecure use of TCP sockets by LLDB
           Product: lldb
           Version: unspecified
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: All Bugs
          Assignee: lldb-dev at lists.llvm.org
          Reporter: demiobenour at gmail.com
                CC: llvm-bugs at lists.llvm.org
    Classification: Unclassified

As I understand it LLDB uses a client-server architecture.  The client and
server communicate over TCP sockets.

This is insecure.  When the client and server are on the same machine and the
socket bound to localhost, this allows local execution of arbitrary code by an
unpriviliged and untrusted user distinct from the user LLDB is running as. 
When the client and server are on different machines, this allows for remote
execution of arbitrary code.

LLDB needs to ensure strong authentication (and, in the remote case,
encryption) of all messages.  This can be done by using SSH.  In the local
case, the best answer is to use Unix domain sockets in a secure directory (on
*nix) or named pipes with a restrictive (non-default) ACL plus authentication
of the server to the client (perhaps by demanding that the server HMAC a random
client-generated string using a key found in a temporary file only the client's
user has access to).

As I understand it LLDB uses an auth hash currently.  This works on localhost
only, but it would be better to HMAC every message.

You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/lldb-dev/attachments/20160606/eb8f8817/attachment-0001.html>

More information about the lldb-dev mailing list