Fix command injection and import path traversal in compiler#1159
Open
marcauberer wants to merge 3 commits into
Open
Fix command injection and import path traversal in compiler#1159marcauberer wants to merge 3 commits into
marcauberer wants to merge 3 commits into
Conversation
|
You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard. |
HIGH: The compiler built linker/archiver/run commands as shell strings and executed them via popen/_popen, so attacker-influenceable file paths (object files derived from source/import filenames, the -o output path) could inject shell commands at compile/link time when building untrusted projects. Replace shell-based execution in the compiler with a shell-free SystemUtil::exec(program, args, ...) built on llvm::sys::findProgramByName + ExecuteAndWait, passing every argument verbatim through an argv vector. Convert all compiler-side callers (linker, archiver, runBinary, Graphviz dot) and reimplement isCommandAvailable via findProgramByName (drops std::system). The '$(clang -print-resource-dir)' sanitizer flag is now resolved in C++. The old string/shell exec is retained only for the test harness, with a warning. MEDIUM: ImportCollector resolved raw import-path strings against the project / std / bootstrap roots without validation, allowing path traversal (e.g. import "../../../etc/x" or "std/../../../etc/x") to escape the intended tree. Reject absolute/rooted paths and any '..' component before resolution, with a new INVALID_IMPORT_PATH semantic error. Add a reference test. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
marcauberer
force-pushed
the
security/fix-cmd-injection-path-traversal
branch
from
e668132 to
768ad94
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fixes two security vulnerabilities in the C++ compiler's handling of untrusted input (malicious
.spicesource / projects compiled by a build service or CI).HIGH — Command injection via shell-interpreted linker/archiver/run commands
The compiler built the linker, archiver and "run" commands as a single string and executed them through a shell (
popen/_popen). File paths were concatenated unquoted, and object-file names derive directly from source/import filenames (outputDir / filePath.filename()). On Linux a filename may contain$,`,;, spaces, etc., so a project shipping a file named e.g.x$(touch pwned).spiceand importing it achieves arbitrary command execution at link time. The-ooutput path was a second injection point.Fix: stop building shell strings in the compiler. Added a shell-free
SystemUtil::exec(program, args, …)built onllvm::sys::findProgramByName+ExecuteAndWait, passing every argument verbatim via an argv vector (output captured through a temp file). Converted all compiler-side callers —ExternalLinkerInterface::link()/archive(),Driver::runBinary(), and the Graphvizdotinvocation — and reimplementedisCommandAvailable()viafindProgramByName(droppingstd::system/which/where). The$(clang -print-resource-dir)shell substitution previously embedded in the MSAN/TYSAN linker flag is now resolved in C++ (getClangResourceDir()). The old string/shellexecis retained only for the test harness, with a doc comment warning it must never take untrusted input.MEDIUM — Path traversal in import resolution
ImportCollector::visitImportDefconcatenated the raw import-path string into a filesystem path with no validation, soimport "../../../etc/x"(or thestd/../../../etc/xbypass) could escape the project / std / bootstrap roots — a sandbox escape and file-existence oracle.Fix: validate the import path before resolution — reject absolute/rooted paths (
has_root_path()catches/etc,C:/…,C:\…) and any..component — with a newINVALID_IMPORT_PATHsemantic error. No existing.spicein the repo uses../absolute imports, so nothing legitimate breaks. Added a reference test undertest/test-files/typechecker/imports/error-import-path-traversal/.Files
src/util/SystemUtil.{h,cpp}— shell-free argvexec;isCommandAvailableviafindProgramByNamesrc/linker/ExternalLinkerInterface.cpp— argv-based link/archive; resolve clang resource dirsrc/driver/Driver.cpp,src/SourceFile.cpp— argv-based run / dotsrc/importcollector/ImportCollector.cpp— import-path validationsrc/exception/SemanticError.{h,cpp}—INVALID_IMPORT_PATHtest/test-files/typechecker/imports/error-import-path-traversal/— new testTesting / reviewer notes
g++ -std=c++23 -fsyntax-only, but the full build and tests were not run locally.spicetestfor the newerror-import-path-traversalcase and regenerate itsexception.outwith--update-refsif the message text differs (it was hand-authored to match the existing convention).🤖 Generated with Claude Code