[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[sr #111048] Add a syntax check to code snippets

From: anonymous
Subject: [sr #111048] Add a syntax check to code snippets
Date: Fri, 5 Apr 2024 03:44:13 -0400 (EDT)


                 Summary: Add a syntax check to code snippets
                   Group: Autoconf
               Submitter: None
               Submitted: Fri 05 Apr 2024 07:44:13 AM UTC
                Priority: 5 - Unprioritized
                Severity: 3 - Normal
                  Status: None
                 Privacy: Public
             Assigned to: None
        Originator Email: fbauzac@amadeus.com
             Open/Closed: Open
         Discussion Lock: Any
        Operating System: GNU/Linux


Follow-up Comments:

Date: Fri 05 Apr 2024 07:44:13 AM UTC By: Anonymous

As you may know, an attack related to XZ Utils (lzma) has been


The malicious account has disabled a feature by sneakily forging an
always-failing code.  This has been done by introducing a syntax error
in a CMake file (a dot at the beginning of a line):


So the CMake project is considering adding a preliminary syntax check
(with a verbose error message) in addition to the full check (which
fails rather silently), so that such disabling does not go unnoticed:


This makes me think that Autoconf does compilation checks similar to
that of CMake, and therefore an attacker could similarly, sneakily
disable a feature.

Should Autoconf similarly add a syntax check?  I'm leaving this open
question to the community.


Best regards


Reply to this item at:


Message sent via Savannah

reply via email to

[Prev in Thread] Current Thread [Next in Thread]