Date: Sat, 15 May 2021 23:49:11 +0000
I should tease apart two things:
Yes, the general issue is the ability to link and run arbitrary libs at compile time. That’s the main point below, a concern we had that appears to be arising in the wild for languages that went down that path.
But, secondarily, I thought it’s also related to the narrower issue of Trusting Trust attacks because Thompson’s initial approach required a specially-crafted compiler binary that already carried the malicious code, whereas the ability to execute arbitrary libraries at compile time (esp. malicious ones that can do introspection) could give a new vector to inject Trusting Trust attacks… the compiler can be totally pristine, but comes with a launchpad to let you provide the malicious code later. No?
From: JF Bastien <cxx_at_jfbastien.com>
Sent: Saturday, May 15, 2021 3:34 PM
To: sg7_at_lists.isocpp.org
Cc: Hana Dusíková <hanicka_at_[hidden]>; Chandler Carruth <chandlerc_at_[hidden]>; Herb Sutter <hsutter_at_[hidden]>
Subject: Re: [SG7] Thompson Turing lecture
It's not really the same issue: trusting trust is about the compiler changing the code it's compiling (including changing a compiler it's compiling to continue having this behavior), whereas the Rust thing is that macros can execute arbitrary Rust including networking code. The Rust problem is equivalent to putting arbitrary code in your makefile. It's something that you could sandbox and disallow (say, by running the compiler in a container). Whereas trusting trust is very hard to detect because the compiler's output binary is what's been compromised and you can't easily tell.
On Sat, May 15, 2021 at 3:24 PM Herb Sutter via SG7 <sg7_at_[hidden]<mailto:sg7_at_[hidden]>> wrote:
Below, I emailed the “Trusting Trust” reference during our SG7 session on Circle in Prague, because SG7 was in the middle of discussing concerns about Circle’s approach of linking arbitrary libraries and executing them at compile time.
Since yesterday, I noticed the following tweets about Rust…
Tony “Abolish ICE” Arcieri 🦀 on Twitter: "Exfiltrating secrets with @rustlang macros: leveraging macro expansion in IDEs to exfiltrate secrets without compiling the code or even opening a file https://t.co/M2qhsfaLdX" / Twitter<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2Fbascule%2Fstatus%2F1393228285056741376&data=04%7C01%7Chsutter%40microsoft.com%7C961ce426a36a4eaf8e9908d917f185a0%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637567148365841167%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=G267zWwO9AX%2F3O0NRhQiGMIJJ8CD2A66ksYKok9as0I%3D&reserved=0>
Ralf (RPW) on Twitter: "„Open innocent_app in VSCode*, and the contents of your .ssh/id_rsa file will be sent over TCP to localhost:8080. You don't even need to open any files in the project!“ https://t.co/eKx2CWrirD" / Twitter<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2Fesizkur%2Fstatus%2F1393477018474459137&data=04%7C01%7Chsutter%40microsoft.com%7C961ce426a36a4eaf8e9908d917f185a0%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637567148365851162%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=8WgNZXJKVCoFeUgU4lOGmrSRN%2FEJwDnIvy5BptZkOyo%3D&reserved=0>
Björk on Twitter: "@hankadusikova ... Wait, what? You can do compile-time I/O (networking) in Rust, or is this because of plugins executing arbitrary code? https://t.co/soA3bD9vT2" / Twitter<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2F__phantomderp%2Fstatus%2F1393553321177321473&data=04%7C01%7Chsutter%40microsoft.com%7C961ce426a36a4eaf8e9908d917f185a0%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637567148365861161%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=JYRYlAxAlIj874btarG5yVdqa4WwFanyYIqCeJ%2FP9hU%3D&reserved=0>
David "Bear Feeder" Pollak🐈 on Twitter: "Oh crap! This will be 2021’s side channel attack… guess we have to run our compilers in containers with no network access…" / Twitter<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2Fdpp%2Fstatus%2F1393614418269802501&data=04%7C01%7Chsutter%40microsoft.com%7C961ce426a36a4eaf8e9908d917f185a0%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637567148365871158%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=FN7TEy1emthwaJa4IX4NwgKa8LyGdcx1%2BtJ7tL34GK0%3D&reserved=0>
This sounds a lot like the same issue… is it?
(Ah, I just saw Hana’s tweet<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2Fhankadusikova%2Fstatus%2F1393532440120074243%3Fs%3D20&data=04%7C01%7Chsutter%40microsoft.com%7C961ce426a36a4eaf8e9908d917f185a0%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637567148365881150%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=B5%2F3HwNOjk10s1UcxOJ7N6k0qpbCU1ldT4Qhthpxj%2BM%3D&reserved=0> before hitting Send – yup, sounds like it is the same issue, thank you Hana.)
From: Herb Sutter
Sent: Thursday, February 13, 2020 7:59 AM
To: sg7_at_[hidden]<mailto:sg7_at_lists.isocpp.org>
Subject: Thompson Turing lecture
https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_ReflectionsonTrustingTrust.pdf<https://nam06.safelinks.protection.outlook.com/?url=https:%2F%2Fwww.cs.cmu.edu%2F~rdriley%2F487%2Fpapers%2FThompson_1984_ReflectionsonTrustingTrust.pdf&data=04%7C01%7Chsutter%40microsoft.com%7C961ce426a36a4eaf8e9908d917f185a0%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637567148365881150%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=qWJ5TJJ1LacYSAnZqFU6fiulR6iyb5CNlMF1skn72Vo%3D&reserved=0>
As we we think about extensible compilers and JITs, this is a classic paper worth remembering about supply chain issues with just ordinary closed compilers.
Herb
--
SG7 mailing list
SG7_at_[hidden]cpp.org<mailto:SG7_at_[hidden]>
https://lists.isocpp.org/mailman/listinfo.cgi/sg7<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.isocpp.org%2Fmailman%2Flistinfo.cgi%2Fsg7&data=04%7C01%7Chsutter%40microsoft.com%7C961ce426a36a4eaf8e9908d917f185a0%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637567148365891145%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=3ZKbFwRpHiQ3981DPNxSVWXndKEKo8Xj%2BB6FzcbLuj4%3D&reserved=0>
Yes, the general issue is the ability to link and run arbitrary libs at compile time. That’s the main point below, a concern we had that appears to be arising in the wild for languages that went down that path.
But, secondarily, I thought it’s also related to the narrower issue of Trusting Trust attacks because Thompson’s initial approach required a specially-crafted compiler binary that already carried the malicious code, whereas the ability to execute arbitrary libraries at compile time (esp. malicious ones that can do introspection) could give a new vector to inject Trusting Trust attacks… the compiler can be totally pristine, but comes with a launchpad to let you provide the malicious code later. No?
From: JF Bastien <cxx_at_jfbastien.com>
Sent: Saturday, May 15, 2021 3:34 PM
To: sg7_at_lists.isocpp.org
Cc: Hana Dusíková <hanicka_at_[hidden]>; Chandler Carruth <chandlerc_at_[hidden]>; Herb Sutter <hsutter_at_[hidden]>
Subject: Re: [SG7] Thompson Turing lecture
It's not really the same issue: trusting trust is about the compiler changing the code it's compiling (including changing a compiler it's compiling to continue having this behavior), whereas the Rust thing is that macros can execute arbitrary Rust including networking code. The Rust problem is equivalent to putting arbitrary code in your makefile. It's something that you could sandbox and disallow (say, by running the compiler in a container). Whereas trusting trust is very hard to detect because the compiler's output binary is what's been compromised and you can't easily tell.
On Sat, May 15, 2021 at 3:24 PM Herb Sutter via SG7 <sg7_at_[hidden]<mailto:sg7_at_[hidden]>> wrote:
Below, I emailed the “Trusting Trust” reference during our SG7 session on Circle in Prague, because SG7 was in the middle of discussing concerns about Circle’s approach of linking arbitrary libraries and executing them at compile time.
Since yesterday, I noticed the following tweets about Rust…
Tony “Abolish ICE” Arcieri 🦀 on Twitter: "Exfiltrating secrets with @rustlang macros: leveraging macro expansion in IDEs to exfiltrate secrets without compiling the code or even opening a file https://t.co/M2qhsfaLdX" / Twitter<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2Fbascule%2Fstatus%2F1393228285056741376&data=04%7C01%7Chsutter%40microsoft.com%7C961ce426a36a4eaf8e9908d917f185a0%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637567148365841167%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=G267zWwO9AX%2F3O0NRhQiGMIJJ8CD2A66ksYKok9as0I%3D&reserved=0>
Ralf (RPW) on Twitter: "„Open innocent_app in VSCode*, and the contents of your .ssh/id_rsa file will be sent over TCP to localhost:8080. You don't even need to open any files in the project!“ https://t.co/eKx2CWrirD" / Twitter<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2Fesizkur%2Fstatus%2F1393477018474459137&data=04%7C01%7Chsutter%40microsoft.com%7C961ce426a36a4eaf8e9908d917f185a0%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637567148365851162%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=8WgNZXJKVCoFeUgU4lOGmrSRN%2FEJwDnIvy5BptZkOyo%3D&reserved=0>
Björk on Twitter: "@hankadusikova ... Wait, what? You can do compile-time I/O (networking) in Rust, or is this because of plugins executing arbitrary code? https://t.co/soA3bD9vT2" / Twitter<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2F__phantomderp%2Fstatus%2F1393553321177321473&data=04%7C01%7Chsutter%40microsoft.com%7C961ce426a36a4eaf8e9908d917f185a0%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637567148365861161%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=JYRYlAxAlIj874btarG5yVdqa4WwFanyYIqCeJ%2FP9hU%3D&reserved=0>
David "Bear Feeder" Pollak🐈 on Twitter: "Oh crap! This will be 2021’s side channel attack… guess we have to run our compilers in containers with no network access…" / Twitter<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2Fdpp%2Fstatus%2F1393614418269802501&data=04%7C01%7Chsutter%40microsoft.com%7C961ce426a36a4eaf8e9908d917f185a0%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637567148365871158%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=FN7TEy1emthwaJa4IX4NwgKa8LyGdcx1%2BtJ7tL34GK0%3D&reserved=0>
This sounds a lot like the same issue… is it?
(Ah, I just saw Hana’s tweet<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2Fhankadusikova%2Fstatus%2F1393532440120074243%3Fs%3D20&data=04%7C01%7Chsutter%40microsoft.com%7C961ce426a36a4eaf8e9908d917f185a0%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637567148365881150%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=B5%2F3HwNOjk10s1UcxOJ7N6k0qpbCU1ldT4Qhthpxj%2BM%3D&reserved=0> before hitting Send – yup, sounds like it is the same issue, thank you Hana.)
From: Herb Sutter
Sent: Thursday, February 13, 2020 7:59 AM
To: sg7_at_[hidden]<mailto:sg7_at_lists.isocpp.org>
Subject: Thompson Turing lecture
https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_ReflectionsonTrustingTrust.pdf<https://nam06.safelinks.protection.outlook.com/?url=https:%2F%2Fwww.cs.cmu.edu%2F~rdriley%2F487%2Fpapers%2FThompson_1984_ReflectionsonTrustingTrust.pdf&data=04%7C01%7Chsutter%40microsoft.com%7C961ce426a36a4eaf8e9908d917f185a0%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637567148365881150%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=qWJ5TJJ1LacYSAnZqFU6fiulR6iyb5CNlMF1skn72Vo%3D&reserved=0>
As we we think about extensible compilers and JITs, this is a classic paper worth remembering about supply chain issues with just ordinary closed compilers.
Herb
--
SG7 mailing list
SG7_at_[hidden]cpp.org<mailto:SG7_at_[hidden]>
https://lists.isocpp.org/mailman/listinfo.cgi/sg7<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.isocpp.org%2Fmailman%2Flistinfo.cgi%2Fsg7&data=04%7C01%7Chsutter%40microsoft.com%7C961ce426a36a4eaf8e9908d917f185a0%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637567148365891145%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=3ZKbFwRpHiQ3981DPNxSVWXndKEKo8Xj%2BB6FzcbLuj4%3D&reserved=0>
Received on 2021-05-15 18:49:36