[lldb-dev] [Bug 28019] New: Possibly insecure use of TCP sockets by LLDB
via lldb-dev
lldb-dev at lists.llvm.org
Mon Jun 6 10:24:51 PDT 2016
https://llvm.org/bugs/show_bug.cgi?id=28019
Bug ID: 28019
Summary: Possibly insecure use of TCP sockets by LLDB
Product: lldb
Version: unspecified
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P
Component: All Bugs
Assignee: lldb-dev at lists.llvm.org
Reporter: demiobenour at gmail.com
CC: llvm-bugs at lists.llvm.org
Classification: Unclassified
As I understand it LLDB uses a client-server architecture. The client and
server communicate over TCP sockets.
This is insecure. When the client and server are on the same machine and the
socket bound to localhost, this allows local execution of arbitrary code by an
unpriviliged and untrusted user distinct from the user LLDB is running as.
When the client and server are on different machines, this allows for remote
execution of arbitrary code.
LLDB needs to ensure strong authentication (and, in the remote case,
encryption) of all messages. This can be done by using SSH. In the local
case, the best answer is to use Unix domain sockets in a secure directory (on
*nix) or named pipes with a restrictive (non-default) ACL plus authentication
of the server to the client (perhaps by demanding that the server HMAC a random
client-generated string using a key found in a temporary file only the client's
user has access to).
As I understand it LLDB uses an auth hash currently. This works on localhost
only, but it would be better to HMAC every message.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/lldb-dev/attachments/20160606/eb8f8817/attachment-0001.html>
More information about the lldb-dev
mailing list