[Bug 28019] New: Possibly insecure use of TCP sockets by LLDB

Bug ID 28019
Summary Possibly insecure use of TCP sockets by LLDB
Product lldb
Version unspecified
Hardware PC
OS Linux
Status NEW
Severity normal
Priority P
Component All Bugs
Assignee lldb-dev@lists.llvm.org
Reporter demiobenour@gmail.com
CC llvm-bugs@lists.llvm.org
Classification Unclassified

As I understand it LLDB uses a client-server architecture.  The client and
server communicate over TCP sockets.

This is insecure.  When the client and server are on the same machine and the
socket bound to localhost, this allows local execution of arbitrary code by an
unpriviliged and untrusted user distinct from the user LLDB is running as. 
When the client and server are on different machines, this allows for remote
execution of arbitrary code.

LLDB needs to ensure strong authentication (and, in the remote case,
encryption) of all messages.  This can be done by using SSH.  In the local
case, the best answer is to use Unix domain sockets in a secure directory (on
*nix) or named pipes with a restrictive (non-default) ACL plus authentication
of the server to the client (perhaps by demanding that the server HMAC a random
client-generated string using a key found in a temporary file only the client's
user has access to).

As I understand it LLDB uses an auth hash currently.  This works on localhost
only, but it would be better to HMAC every message.