Post B0qbLLaavH5d3LA6ro by wingo@mastodon.social
 (DIR) More posts by wingo@mastodon.social
 (DIR) Post #B0qbLIxWhYeOtarsh6 by wingo@mastodon.social
       2025-12-02T08:17:01Z
       
       0 likes, 0 repeats
       
       just saw someone argue that llvm cannot be used as backend for a wasm compiler that processes untrusted input, because "a maliciously crafted C, Rust or bitcode input file can cause arbitrary code to execute in LLVM" (https://llvm.org/docs/Security.html#what-is-considered-a-security-issue)what do we think, chat
       
 (DIR) Post #B0qbLKOrLQ6nMefDw8 by andrewrk@mastodon.social
       2025-12-02T17:56:25Z
       
       0 likes, 0 repeats
       
       @wingo reasonable concern, if you're running the compiler in a trusted environment against untrusted code.Not necessarily because LLVM is implemented in C++, but because the project declares security a non-goal for the compiler code (according to your link)
       
 (DIR) Post #B0qbLLaavH5d3LA6ro by wingo@mastodon.social
       2025-12-02T18:00:01Z
       
       0 likes, 0 repeats
       
       @andrewrk but this is wild, there’s nothing different about a compiler here than, like, notepad reading untrusted txt files; seems like quite the capitulation
       
 (DIR) Post #B0qbLMLO7IWJOT3Tns by andrewrk@mastodon.social
       2025-12-02T19:14:06Z
       
       1 likes, 0 repeats
       
       @wingo I completely agree - I think they should choose to have security as a goal also for the compiler pipeline