[sr #111048] Add a syntax check to code snippets
From: anonymous
Subject: [sr #111048] Add a syntax check to code snippets
Date: Fri, 5 Apr 2024 03:44:13 -0400 (EDT)
URL:
<https://savannah.gnu.org/support/?111048>
Summary: Add a syntax check to code snippets
Group: Autoconf
Submitter: None
Submitted: Fri 05 Apr 2024 07:44:13 AM UTC
Priority: 5 - Unprioritized
Severity: 3 - Normal
Status: None
Privacy: Public
Assigned to: None
Originator Email: fbauzac@amadeus.com
Open/Closed: Open
Discussion Lock: Any
Operating System: GNU/Linux
_______________________________________________________
Follow-up Comments:
-------------------------------------------------------
Date: Fri 05 Apr 2024 07:44:13 AM UTC By: Anonymous
Hello,
As you may know, an attack related to XZ Utils (lzma) has been
discovered:
https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27
The malicious account has disabled a feature by sneakily forging
always-failing code. This has been done by introducing a syntax error
in a CMake file (a dot at the beginning of a line):
https://git.tukaani.org/?p=xz.git;a=commitdiff;h=328c52da8a2bbb81307644efdb58db2c422d9ba7
So the CMake project is considering adding a preliminary syntax check
(with a verbose error message) in addition to the full check (which
fails rather silently), so that such disabling does not go unnoticed:
https://gitlab.kitware.com/cmake/cmake/-/issues/25846
This makes me think that Autoconf does compilation checks similar to
those of CMake, and therefore an attacker could similarly, sneakily
disable a feature.
Should Autoconf similarly add a syntax check? I'm leaving this open
question to the community.
Thanks!
Best regards
Fabrice
_______________________________________________________
Reply to this item at:
<https://savannah.gnu.org/support/?111048>
_______________________________________________
Message sent via Savannah
https://savannah.gnu.org/
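
An added example, not part of the original message or of Autoconf: a scan of `config.log` for probes that answered "no" because the test program itself failed to parse, which is the silent failure the request describes. The sample log is constructed, the probe names are hypothetical, and the syntax-error patterns assume GCC/Clang diagnostic wording.

```python
import re

# Constructed config.log excerpt (not from a real build), GCC-style diagnostics.
# Probe names (sandbox_feature, foo.h, bar_init) are hypothetical.
SAMPLE_LOG = """\
configure:4101: checking for sandbox_feature
configure:4120: gcc -c -g -O2 conftest.c >&5
conftest.c:24:1: error: expected identifier or '(' before '.' token
configure:4120: $? = 1
configure:4131: result: no
configure:4210: checking for foo.h
configure:4210: gcc -c -g -O2 conftest.c >&5
conftest.c:20:10: fatal error: foo.h: No such file or directory
configure:4210: $? = 1
configure:4210: result: no
configure:4305: checking for bar_init
configure:4305: gcc -o conftest -g -O2 conftest.c >&5
configure:4305: $? = 0
configure:4305: result: yes
"""

CHECK = re.compile(r"^configure:(\d+): checking (?:for |whether )?(.+)$")
RESULT = re.compile(r"^configure:\d+: result: (.+)$")
DIAG = re.compile(r"^conftest\.\w+:\d+:\d+: (?:fatal )?error: (.+)$")
# Assumption: GCC/Clang wording for errors in the probe's own syntax,
# as opposed to a missing header, declaration or symbol.
SYNTAX = re.compile(r"^(?:expected|stray|unterminated|missing terminating)\b")

def suspicious_probes(log_text):
    """Return (configure line, check name, diagnostic) for each probe that
    answered 'no' while the compiler reported a syntax error in conftest."""
    findings, check, diags = [], None, []
    for line in log_text.splitlines():
        if m := CHECK.match(line):
            check, diags = (int(m.group(1)), m.group(2)), []
        elif m := DIAG.match(line):
            diags.append(m.group(1))
        elif (m := RESULT.match(line)) and check:
            if m.group(1).strip() == "no":
                findings += [(check[0], check[1], d) for d in diags if SYNTAX.search(d)]
            check = None
    return findings

if __name__ == "__main__":
    for lineno, name, diag in suspicious_probes(SAMPLE_LOG):
        print(f"configure:{lineno}: probe '{name}' failed on a syntax error: {diag}")
```

A hit is a prompt to read the failed program recorded in `config.log`, not proof of tampering.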