Below, I emailed the “Trusting Trust” reference during our SG7 session on Circle in Prague, because SG7 was in the middle of discussing concerns about Circle’s approach of linking arbitrary libraries and executing them at compile time.

 

Since yesterday, I noticed the following tweets about Rust…

 

Tony “Abolish ICE” Arcieri 🦀 on Twitter: "Exfiltrating secrets with @rustlang macros: leveraging macro expansion in IDEs to exfiltrate secrets without compiling the code or even opening a file https://t.co/M2qhsfaLdX" / Twitter

 

Ralf (RPW) on Twitter: "„Open innocent_app in VSCode*, and the contents of your .ssh/id_rsa file will be sent over TCP to localhost:8080. You don't even need to open any files in the project!“ https://t.co/eKx2CWrirD" / Twitter

 

Björk on Twitter: "@hankadusikova ... Wait, what? You can do compile-time I/O (networking) in Rust, or is this because of plugins executing arbitrary code? https://t.co/soA3bD9vT2" / Twitter

 

David "Bear Feeder" Pollak🐈 on Twitter: "Oh crap! This will be 2021’s side channel attack… guess we have to run our compilers in containers with no network access…" / Twitter

 

This sounds a lot like the same issue… is it?

 

(Ah, I just saw Hana’s tweet before hitting Send – yup, sounds like it is the same issue, thank you Hana.)

 

 

 

From: Herb Sutter
Sent: Thursday, February 13, 2020 7:59 AM
To: sg7@lists.isocpp.org
Subject: Thompson Turing lecture

 

https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_ReflectionsonTrustingTrust.pdf

 

As we we think about extensible compilers and JITs, this is a classic paper worth remembering about supply chain issues with just ordinary closed compilers.

 

Herb

 

--
SG7 mailing list
SG7@lists.isocpp.org
https://lists.isocpp.org/mailman/listinfo.cgi/sg7