Andy Wingo
just saw someone argue that llvm cannot be used as backend for a wasm compiler that processes untrusted input, because "a maliciously crafted C, Rust or bitcode input file can cause arbitrary code to execute in LLVM" (https://llvm.org/docs/Security.html#what-is-considered-a-security-issue)
what do we think, chat
Andrew Kelley
@wingo I completely agree - I think they should choose to have security as a goal also for the compiler pipeline
Andy Wingo
@andrewrk but this is wild, there’s nothing different about a compiler here than, like, notepad reading untrusted txt files; seems like quite the capitulation
Andrew Kelley
@wingo reasonable concern, if you're running the compiler in a trusted environment against untrusted code.
Not necessarily because LLVM is implemented in C++, but because the project declares security a non-goal for the compiler code (according to your link)
✧✦Catherine✦✧
@dpk @wingo i vaguely recall Andy saying that Wastrel was prompted by https://github.com/YoWASP/clang ?
Daphne Preston-Kendal
@wingo Wait, couldn’t you compile LLVM itself to WASM, compile the WASM to C with Wastrel, then any compile time code execution in LLVM is inside the WASM sandbox too?
I realize that ‘get Wastrel to the point of being able to compile and run LLVM’ may itself be a tall order 😅
Andy Wingo
@whitequark @dpk i am more interested in gc, i just used your toolchain as a test (as it was in the w2c2 repository)
✧✦Catherine✦✧
GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.
All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.