![]() ![]() Languages which allow Turing-computation at compile time.Scala also has compiler plugins, which are again arbitrary Scala code that runs at compile time. Scala's macro language is Scala, Common Lisp's macro language is Common Lisp, Template Haskell's macro language is Haskell. Languages allowing arbitrary code to run at compile time.Technically, this is not due to compiling the attacker's code but rather setting up the compile environment. ![]() A Makefile, a build.xml, a configure shell script etc. ![]() The attacker may get you to execute some arbitrary code as part of the compilation process. Like every complex program, a compiler might have bugs, and one of those bugs might be exploitable. So though compiling is not "totally safe" in theory, IMHO in reality the risk is extremely low that your "compiler gets pwned". ![]() There are not many people in the world who actually know how to technically accomplish such a task (and googling alone won't give you a "quick ref" or tutorial on this, as you have already found out by yourself). You do not compile anything which looks suspicious to you You do not accept programs which are too large to be effectively reviewed He / she does not know if you use a virtual environment or an online compiler, just to be safe He / she does not know which exact compiler version you are using The guy does not know how much reviewing is done at yours The applicant makes a plausible impression on you he really wants the job at your company (and not a lawsuit) However, in reality, how high do you consider the risk, assumed that My favorite place to look for something like this would probably be the International Obfuscated C contest - (do not know if there is something comparable for Java). I am pretty sure somewhere in the business there are some clever guys who have already created such a hack for a specific language and compiler version. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |