It's something I use to measure certain things, like how many instructions does a C++ exception add etc.
It's run in a docker container, and I think I strip out any slashes from includes. I'm pretty sure the container is not executing stuff as root as well. Still, probably not bulletproof.
```
#include "\
/etc/passwd"
```

```
program221/code.cpp:1:11: warning: backslash-newline at end of file
    1 | #include "\
      |
In file included from program221/code.cpp:2:
/etc/passwd:1:5: error: found ':' in nested-name-specifier, expected '::'
    1 | root:x:0:0:root:/root:/bin/bash
      |     ^
      |     ::
/etc/passwd:1:1: error: 'root' does not name a type
    1 | root:x:0:0:root:/root:/bin/bash
      | ^~~~
```
Is it possible to restrict the compiler's access to only files in "/usr/include" instead? Seems like it'd be hard to cover every case with just pattern matching.
It would be awesome if you could place restrictions on the compiler, but I don't know of any such features atm. Still, the compilation happens in the container (which is just a default Ubuntu image with a cross compiler in it). I don't know how much information there is to disclose. Not taking it lightly though, I guess I will have to find a way to really handle the preprocessor stuff, but I still want people to be able to include system headers.
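An added example, not part of the thread or the site's code: the snippet above gets past a per-line slash filter because the preprocessor joins backslash-newline pairs before it reads directives, so a source check has to do the same splicing first and then fail closed. The policy here (only `<name>` headers without path separators) and the function names are assumptions made for illustration.

```python
import re

# Assumed policy (not from the thread): only <name> headers, no path separators.
STRICT_INCLUDE = re.compile(r'\s*#\s*include\s*<([A-Za-z0-9_.]+)>\s*')
# Translation phase 2: a backslash (or its trigraph ??/) followed by a newline
# is deleted. GCC also splices when blanks sit between backslash and newline.
SPLICE = re.compile(r'(?:\\|\?\?/)[ \t]*\r?\n')


def splice_lines(source: str) -> str:
    """Join physical lines the way the preprocessor does before directives."""
    return SPLICE.sub('', source)


def check_includes(source: str):
    """Return (allowed_headers, rejected_lines) for one submitted source file.

    Fail closed: any spliced line that mentions 'include' must be exactly
    '#include <name>'. Quoted paths and every other spelling are rejected,
    at the cost of false positives on identifiers or comments.
    """
    allowed, rejected = [], []
    for line in splice_lines(source).split('\n'):
        if 'include' not in line:
            continue
        match = STRICT_INCLUDE.fullmatch(line)
        if match and '..' not in match.group(1):
            allowed.append(match.group(1))
        else:
            rejected.append(line)
    return allowed, rejected


# Constructed samples: the first reproduces the snippet posted in the thread.
SPLIT_INCLUDE = '#include "\\\n/etc/passwd"\n'
BENIGN = '#include <vector>\n#include <cstdio>\nint main() { return 0; }\n'

if __name__ == '__main__':
    for name, src in (('split', SPLIT_INCLUDE), ('benign', BENIGN)):
        print(name, check_includes(src))
```

A text check like this only complements confining what the compiler process can read inside the container; it does not replace it.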
> Is it possible to restrict the compiler's access to only files in "/usr/include" instead? Seems like it'd be hard to cover every case with just pattern matching.