Skip to Content.
Sympa Menu

coq-club - Re: [Coq-Club] Safe to download and compile .v from evil source ?

coq-club AT inria.fr

Subject: The Coq mailing list

List archive

Re: [Coq-Club] Safe to download and compile .v from evil source ?


Chronological Thread 
  • From: Tej Chajed <tchajed AT mit.edu>
  • To: coq-club <coq-club AT inria.fr>
  • Cc: Jay Kruer <kruerj AT reed.edu>
  • Subject: Re: [Coq-Club] Safe to download and compile .v from evil source ?
  • Date: Sat, 1 Feb 2020 17:53:35 -0500
  • Authentication-results: mail3-smtp-sop.national.inria.fr; spf=None smtp.pra=tchajed AT mit.edu; spf=Pass smtp.mailfrom=tchajed AT mit.edu; spf=None smtp.helo=postmaster AT outgoing.mit.edu
  • Ironport-phdr: 9a23:4x1K0BHB3cw1SCl6B2Res51GYnF86YWxBRYc798ds5kLTJ7zp8iwAkXT6L1XgUPTWs2DsrQY0raQ7/uoGTRZp8rY6zZaKN0EfiRGoP1epxYnDs+BBB+zB9/RRAt+Iv5/UkR49WqwK0lfFZW2TVTTpnqv8WxaQU2nZkJ6KevvB4Hdkdm82fys9J3PeQVIgye2ba9vIBmsogjdq8YbjZFtJ6s/1xDFpmdEd/lMyW5nOF6ekQzw6tus8JJm7i9dp+8v+8lcXKvgYq82V6ZYDDMoM2A04M3kqxzORhaR63UfT2sbjANGDxDK4x/mUJjxtDD6tvdm1ymBIcL2V7E0Vi+84KptVRTllT0INz898GHQl8xwkKdWqw+vqhBj34LZZpyeOeFgda3BY9wVWWtBXt5QVyNfBIO8c5APBPcFMepBsoXxu0cCoR64CAKxBu3g1yVIi2f50q000esvEQ/I0g89EdwQrHvZt8/6OLsIXO2v0KXE0TfOYvVL0jn98ojIdRUhrOmSU71uc8ra1FciFwPfgVWSt4PqIi6e2+MRs2eH7+pvT+CvhHA6pAxqpzivx9sshpPXiY0I11DJ7CN0y5s7K92/TU50e9+kEJ1IuiGBK4t5WN8tQ2J2tyc11rIGuYS0fC4FyJs53RLQd/uHc42O7xn+V+iROS91iG9mdb6lgxu+61asx+7mWsWpzVpGtjRJnsXIu3wX1BHe6tKLRuVg8kqlwzqC2AHe5+dZKk4uj6XbMYQuwrsom5oTr0vDGij2lV3xjK+LakUk9e+o6+XhYrXpvJOcMo50ih3kPqswh8O/HPw0MgkIX2eF5eSxzKDv8E7jTLhOlPE6jKrUvIrHKcgGvqK5BhVa0ocn6xaxFTem19EYkGEbLF1ZeBKIlYrpNE/TL/3jCPe/gkisnC11yP/bI73tGo/NIWTbkLf9YbZ97FZRxxY0zdBG/p5bFrUBIO/oVULqr9zZDho5MxSuzOr9CdV90JkeWWOVDaODPqPSqwzA2uV6KO6VIYQRpTy1f/Mi/rvliWIzsV4bZ6igm5UNPiOWBPNjdnmUYzLHgt4DHGtC6hY1TOXohVGqVD9PIXu+QvRvtXkAFIu6ANKbFciWi7ub0XL+R8UOPzwUOhW3CX7tMr68dbIUcivDcMpgjnoJWaXzE9ZwhyHrjxfzzv9cFsSR/yQZsZz5090ktejSiVc/+SEmVp3AgVHIdHl9myYzfxFz3K17phUtmFCezad/gvpXU9lS+7VEXhpobZM=
I think you should assume that it's unsafe unless you run it in a carefully-designed sandbox. At the very least one can easily write files which take huge amounts of time, memory, or disk space while compiling.

For some idea of some of the issues, see this thread on a similar question for compiling C: https://security.stackexchange.com/questions/138881/is-it-dangerous-to-compile-arbitrary-c. In particular see Matt G's answer, since he runs a site that compiles arbitrary C. Essentially he runs the whole thing in a VM that doesn't have secrets, and then has extra mitigations to give nicer error messages when people try to exploit the compiler.

On Sat, Feb 1, 2020 at 5:44 PM Andres Erbsen <andreser AT mit.edu> wrote:
Redirect and Extraction commands write to the disk by spec. I reported it a while back and was told that I shouldn't expect coqc on unknown code to be safe in any sense.

Archive powered by MHonArc 2.6.18.

Top of Page