[llvm] [llvm][Support] Add UNIX socket support (PR #73603)

Michael Spencer via llvm-commits llvm-commits at lists.llvm.org
Thu Dec 14 16:28:51 PST 2023


Bigcheese wrote:

> It does show up in `dumpbin /dependents` output, which is super weird for a compiler. And now, if you have a compile farm, an attacker might be able to send you source code that can just call dormant winsock functions to do network access. (Granted, previously they could LoadLibrary() it, and you should have a sandbox, but it's still bad for a compiler to have a dep on winsock.) And for the other deps, we at least delayload them.

I think it's fine to delay load it; I'll try out adding that.

As for the security concerns, it's already true that you have to lock down clang (or almost any compiler) if you're accepting arbitrary code. On most POSIX systems you already have access to the socket functions via libc anyway, and, as you say, on Windows you can just dynamically load them. Linking against winsock doesn't actually change anything here.

Note that GCC also uses sockets now for modules via `-fmodule-mapper`, including support for TCP.


https://github.com/llvm/llvm-project/pull/73603

