[compiler-rt] [sanitizer] Disable writes to log files for binaries in a secure context. (PR #92593)

via llvm-commits llvm-commits at lists.llvm.org
Thu May 23 14:52:56 PDT 2024


bigb4ng wrote:

@vitalybuka I see your point. As long as there will be a clear warning in the docs about the dangers of using a sanitizer in a production environment, this can become a won't-fix. 

As an alternative, we can consider jailing the path in a smarter way, but there are downsides to this because writing files as a more privileged software albeit in jailed path can become a weaknesses that can potentially be exploited. 

As for testing, it should be possible with some linux magic:
```bash
unshare -Ur
chmod +s ./suid
unshare -U
ASAN_OPTIONS='log_path=a' ./suid
```

https://github.com/llvm/llvm-project/pull/92593


More information about the llvm-commits mailing list