Most of the functions could be overloaded.

You could overload those functions, filter options out and pass the new options 
to the original function which starts with an '_' underscore.

Most of the CMake module files could also be overloaded.

Hope it helps

Best regards
Roman

> On 21.08.2016 at 10:24, Tobias Hunger <tobias.hun...@gmail.com> wrote:
> 
> Hi Egor,
> 
> On 20.08.2016 23:42, "Egor Pugin" <egor.pu...@gmail.com> wrote:
> > You are right at many points. It's hard to really secure the system
> > from build system/build artifacts/3rd party apps.
> > But step by step it's possible to decrease number of potential sources
> > of vulnerabilities.
> 
> Retrofitting security into a product that was designed without any 
> consideration for security from the start is going to be hard.
> 
> I do not know what you want to do, so I am not going to claim it is 
> impossible:-)
> 
> > Described cmake features would be very helpful for this.
> > Right now I'm just investigating possible security improvements and
> > this is only 'nice-to-have' feature.
> 
> What are the attack scenarios you want to defend against? What should not be 
> possible in your system that currently is in CMake? How do these steps help 
> in securing against those attacks?
> 
> As a user of CMake I am very much opposed to disabling functionality based on 
> the context: That forces me to keep more state in my head when reading 
> CMakeLists.txt files. CMake does way too much in a way too obscure syntax 
> already!
> 
> Best regards,
> Tobias
> 
> > On 21 August 2016 at 00:25, Tobias Hunger <tobias.hun...@gmail.com> wrote:
> > > Hi Egor,
> > >
> > > On 20.08.2016 13:48, "Egor Pugin" <egor.pu...@gmail.com> wrote:
> > >>
> > >> Hi,
> > >>
> > >> I'm working on a package manager based on cmake.
> > >> And some cmake instructions are downloaded with user packages.
> > >> I'd like to have an ability to deny some cmake features in such
> > >> external untrusted insertions.
> > >
> > > I am no CMake expert, but you are talking about securing a program that is
> > > meant to take arbitrary input and run user-defined commands on that to
> > > produce possibly executable output.
> > >
> > > I do not see any safe subset of CMake commands that is still able to do
> > > anything useful.
> > >
> > > I can see a way for "insertions" to be useful, that does not involve them
> > > > changing the configuration (e.g. for a cross compiler), involve running some
> > > 3rd party program (e.g. to add support for a new documentation system,
> > > parser generator or whatnot), or the production of build artifacts (e.g.
> > > build some library for the developer to use).
> > >
> > > > *All* of these are inherently unsafe.
> > >
> > > > Configuration change: Change the C compiler to rm and pass force -rf -- / as
> > > > flags.
> > >
> > > 3rd party program: Run rm -rf / when some certain input file is seen.
> > >
> > > Build artifacts: Put running rm -rf / into the binary/library so that this
> > > is run during normal development workflow.
> > >
> > > > I would try to run my package manager in an environment where running rm -rf
> > > is harmless to the overall system health. Virtual machines or containers
> > > spring to mind there. Not sure that is feasible.
> > >
> > > Or come up with insertions signing, etc. so that users can at least know
> > > they got what was uploaded and know whom to blame when their systems get
> > > wiped.
> > >
> > > > Best Regards,
> > > Tobias
> >
> >
> >
> > --
> > Egor Pugin
> 
> -- 
> 
> Powered by www.kitware.com
> 
> Please keep messages on-topic and check the CMake FAQ at: 
> http://www.cmake.org/Wiki/CMake_FAQ
> 
> Kitware offers various services to support the CMake community. For more 
> information on each offering, please visit:
> 
> CMake Support: http://cmake.org/cmake/help/support.html
> CMake Consulting: http://cmake.org/cmake/help/consulting.html
> CMake Training Courses: http://cmake.org/cmake/help/training.html
> 
> Visit other Kitware open-source projects at 
> http://www.kitware.com/opensource/opensource.html
> 
> Follow this link to subscribe/unsubscribe:
> http://public.kitware.com/mailman/listinfo/cmake-developers
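Added example, not part of Roman's message or of CMake's own code: a sketch of the overload technique he describes, wrapping `execute_process` so that calls made while package code is being processed are checked against an allow-list before being passed to the original `_execute_process`. The names `PKG_UNTRUSTED`, `PKG_ALLOWED_PROGRAMS` and `some-downloaded-tool` are hypothetical and chosen for this sketch.

```cmake
# Run with: cmake -P deny_demo.cmake   (file name is arbitrary)
cmake_minimum_required(VERSION 3.10)

# Programs that package code may still launch (constructed allow-list).
set(PKG_ALLOWED_PROGRAMS "${CMAKE_COMMAND}")

# Defining a macro with the name of a built-in command overrides it; CMake
# keeps the previous implementation reachable as _execute_process().
# Only one level is kept, so guard against defining the wrapper twice:
# a second definition would make _execute_process() point at this wrapper.
if(NOT COMMAND _execute_process)
  # A macro (not a function) is used so OUTPUT_VARIABLE and friends are
  # still set in the caller's scope. Helper variables carry a _pkg_ prefix
  # because macro variables leak into that scope as well.
  macro(execute_process)
    if(PKG_UNTRUSTED)
      set(_pkg_next_is_program FALSE)
      foreach(_pkg_arg ${ARGV})
        if(_pkg_next_is_program)
          # First token after COMMAND is the program to be launched.
          list(FIND PKG_ALLOWED_PROGRAMS "${_pkg_arg}" _pkg_idx)
          if(_pkg_idx EQUAL -1)
            message(FATAL_ERROR
              "execute_process: '${_pkg_arg}' denied in untrusted package code")
          endif()
          set(_pkg_next_is_program FALSE)
        elseif("${_pkg_arg}" STREQUAL "COMMAND")
          set(_pkg_next_is_program TRUE)
        endif()
      endforeach()
    endif()
    # Forward to the original. Note: ${ARGV} forwarding does not preserve
    # empty arguments or arguments that themselves contain ';'.
    _execute_process(${ARGV})
  endmacro()
endif()

# Trusted context: forwarded unchanged.
set(PKG_UNTRUSTED OFF)
execute_process(COMMAND "${CMAKE_COMMAND}" -E echo "trusted call" OUTPUT_VARIABLE out)
message(STATUS "trusted: ${out}")

# Package context: the allow-listed program passes, anything else stops the run.
set(PKG_UNTRUSTED ON)
execute_process(COMMAND "${CMAKE_COMMAND}" --version OUTPUT_VARIABLE ver)
execute_process(COMMAND some-downloaded-tool --flag)  # constructed name; hits FATAL_ERROR
```

This wrapper is a policy check rather than a sandbox: code processed after it can still call `_execute_process()` directly or reset `PKG_UNTRUSTED`, so the isolation and signing measures raised in the quoted discussion still apply.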