Skip to content

Instantly share code, notes, and snippets.

@iffy

iffy/proposal.md

Created March 30, 2021 12:51
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save iffy/2558525fe9bf4fffccda47ecb0781582 to your computer and use it in GitHub Desktop.
Save iffy/2558525fe9bf4fffccda47ecb0781582 to your computer and use it in GitHub Desktop.
Download ZIP
Idea for making Nim's `staticExec`/`staticRead` auditable
Raw
proposal.md

I agree that it's impossible for Nim to protect you if you're willing to compile other people's code.

However, it could be good if Nim provided a means for auditing calls to staticExec/staticRead. Or at least provided means for someone else to write an auditing library. I imagine something like the following could work and not be onerous either to the user or the compiler:

  1. nim c --strictStatic myfile.nim

This would fail on all instances of staticExec with a message like:

ERROR: Prevented execution of myfile.nim:staticExec("/bin/echo foo") Pass --allowStatic:'myfile.nim:staticExec("/bin/echo foo")' to allow it

  1. The user verifies that they're okay with that execution and either passes the noted flag or puts it in their config.nims:

switch("allowStatic", """myfile.nim:staticExec("/bin/echo foo")""")

  1. If the user always compiles with --strictStatic, then if they update a library which includes a new staticExec call, compilation will fail so that they can update config.nims or reject the change.

A few notes:

  • The --allowStatic flag would be passed multiple times, one for each staticExec/staticRead call.
  • The flag could possibly support globbing or regex, but it would be on the user to ensure their regex/glob is good.
  • Nimble packages must be prevented from setting --allowStatic for users of the package.
  • I'm not sure what the format for the --allowStatic value should be. That's endlessly debatable.
  • I also don't know if the input argument to staticExec should be included in the --allowStatic flag value.
  • Another flag (e.g. -d:logStatic or something) could list all successful static calls done during compilation for further auditing.

This ability to audit code would be required for me to introduce Nim at my company, at least. And as I mentioned above, this doesn't have to be provided by the Nim stdlib, but there should be a way to hook in to staticExec such that an auditing tool could be created.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment