[PATCH] D70326: [docs] LLVM Security Group and Process
JF Bastien via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Fri Jul 10 13:57:49 PDT 2020
jfb marked 2 inline comments as done.
jfb added inline comments.
================
Comment at: llvm/docs/Security.rst:204
+* Language front-ends, such as clang, for which a malicious input file can cause undesirable behavior. For example, a maliciously-crafter C or Rust source file can cause arbitrary code to execute in LLVM. These parts of LLVM haven't been hardened, and compiling untrusted code usually also includes running utilities such as `make` which can more readily perform malicious things.
+* *FUTURE*: this section will be expanded.
----------------
jkorous wrote:
> We should probably include tools that need to be run with elevated privileges of some sort. For example lldb getting root.
We'd need LLDB maintainers signing up to doing this maintenance. Not that we can't / shouldn't, but that we ought to consider these one at a time, with proper support.
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D70326/new/
https://reviews.llvm.org/D70326
More information about the llvm-commits
mailing list