[compiler-rt] [sanitizer] Disable writes to log files for binaries in a secure context. (PR #92593)
via llvm-commits
llvm-commits at lists.llvm.org
Thu May 23 14:52:56 PDT 2024
bigb4ng wrote:
@vitalybuka I see your point. As long as there will be a clear warning in the docs about the dangers of using a sanitizer in a production environment, this can become a won't-fix.
As an alternative, we can consider jailing the path in a smarter way, but there are downsides to this because writing files as a more privileged software albeit in jailed path can become a weaknesses that can potentially be exploited.
As for testing, it should be possible with some linux magic:
```bash
unshare -Ur
chmod +s ./suid
unshare -U
ASAN_OPTIONS='log_path=a' ./suid
```
https://github.com/llvm/llvm-project/pull/92593
More information about the llvm-commits
mailing list