[lldb-dev] [llvm-dev] LLDB security and the use of an IPC library

Chris Bieneman via lldb-dev lldb-dev at lists.llvm.org
Wed Apr 26 19:06:51 PDT 2017


(+LLDB-Dev) most of the LLDB developers hang out there more than on LLVM-Dev.

> On Apr 26, 2017, at 12:26 PM, Demi Marie Obenour via llvm-dev <llvm-dev at lists.llvm.org> wrote:
> 
> LLDB currently uses a client-server architecture.  That appears fine,
> but runs into an annoying security problem: other users on the same
> machine can connect to the TCP socket and take over LLDB and thus the
> user’s system.  This means that LLDB is useless in multiuser
> enviromnents on Linux, such as academic computer labs.
> 
> The immediate problem can be solved by using either HMAC authentication
> of all messages or by using Unix domain sockets.  However, it might be
> simpler to use a 3rd party library for the purpose:
> https://github.com/DemiMarie/SlipRock (Disclaimer: I wrote SlipRock).
> 
> Questions:
> 
> - Would you be interested in using SlipRock?

Probably not. Generally we shy away from using third party libraries.

> 
> - What features would SlipRock need in order to be useful to you?  In
>   particular, do you need an asynchronous API, or is synchronous fine?

The biggest thing that I would see as a barrier for us using SlipRock is that it would have to provide a large advantage in order to justify using it. We generally don't use middleware libraries that are not readily available on the platforms that we support, usually either via a package manager or shipping on the OS.

> 
> - If not, would you be willing to accept patches to fix the existing
> bug?

I was actually looking at this code earlier this week. On OS X we do use Unix socketpair to construct domain sockets between debugserver and lldb. Presently lldb-server (the debugserver implementation used everywhere other than OS X) doesn't support accepting a socket pair, but we can and should fix that. I've been working recently on making more of LLDB's code properly configured based on system capabilities rather than hard coded assumptions. This will make it easier for us to do these kinds of things right in the future.

If you're interested in working on getting lldb-server working with socketpair we would certainly take the patches, and I'd be happy to provide review or guidance as needed.

Thanks,
-Chris

> 
> Sincerely,
> 
> Demi Obenour
> _______________________________________________
> LLVM Developers mailing list
> llvm-dev at lists.llvm.org
> http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev



More information about the lldb-dev mailing list