| 12
 3
 4
 5
 6
 7
 8
 9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
 100
 101
 102
 103
 104
 105
 106
 107
 108
 109
 110
 111
 112
 113
 114
 115
 116
 117
 118
 119
 120
 121
 122
 123
 124
 125
 126
 127
 128
 129
 130
 131
 132
 133
 134
 135
 136
 137
 138
 139
 140
 141
 142
 143
 144
 145
 146
 147
 148
 149
 150
 151
 152
 153
 154
 155
 156
 157
 158
 159
 160
 161
 162
 163
 164
 165
 166
 167
 168
 169
 170
 171
 172
 173
 174
 175
 176
 177
 178
 179
 180
 181
 182
 183
 184
 185
 186
 187
 188
 189
 190
 191
 192
 193
 194
 195
 196
 197
 198
 199
 200
 201
 202
 203
 204
 205
 206
 207
 208
 209
 210
 211
 212
 213
 214
 215
 216
 217
 218
 219
 220
 221
 222
 223
 224
 225
 226
 227
 228
 229
 230
 231
 232
 233
 234
 235
 236
 237
 238
 239
 240
 241
 242
 243
 244
 245
 246
 247
 248
 249
 250
 251
 252
 253
 254
 255
 256
 257
 258
 259
 260
 261
 262
 263
 264
 265
 266
 267
 268
 269
 270
 271
 272
 273
 274
 275
 276
 277
 278
 279
 280
 281
 282
 283
 284
 285
 286
 287
 288
 289
 290
 291
 292
 293
 294
 295
 296
 297
 298
 299
 300
 301
 302
 303
 304
 305
 306
 307
 308
 309
 310
 311
 312
 313
 314
 315
 316
 317
 318
 319
 320
 321
 322
 323
 324
 325
 326
 327
 328
 329
 330
 331
 332
 333
 334
 335
 336
 337
 338
 339
 340
 
 | 
<!DOCTYPE html>
<html>
  <head>
    <meta charset="utf-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <title>LLVM Security Group — LLVM 13 documentation</title>
    <link rel="stylesheet" href="_static/pygments.css" type="text/css" />
    <link rel="stylesheet" href="_static/llvm-theme.css" type="text/css" />
    <script id="documentation_options" data-url_root="./" src="_static/documentation_options.js"></script>
    <script src="_static/jquery.js"></script>
    <script src="_static/underscore.js"></script>
    <script src="_static/doctools.js"></script>
    <link rel="index" title="Index" href="genindex.html" />
    <link rel="search" title="Search" href="search.html" />
    <link rel="next" title="Segmented Stacks in LLVM" href="SegmentedStacks.html" />
    <link rel="prev" title="MemTagSanitizer" href="MemTagSanitizer.html" />
<style type="text/css">
  table.right { float: right; margin-left: 20px; }
  table.right td { border: 1px solid #ccc; }
</style>
  </head><body>
<div class="logo">
  <a href="index.html">
    <img src="_static/logo.png"
         alt="LLVM Logo" width="250" height="88"/></a>
</div>
    <div class="related" role="navigation" aria-label="related navigation">
      <h3>Navigation</h3>
      <ul>
        <li class="right" style="margin-right: 10px">
          <a href="genindex.html" title="General Index"
             accesskey="I">index</a></li>
        <li class="right" >
          <a href="SegmentedStacks.html" title="Segmented Stacks in LLVM"
             accesskey="N">next</a> |</li>
        <li class="right" >
          <a href="MemTagSanitizer.html" title="MemTagSanitizer"
             accesskey="P">previous</a> |</li>
  <li><a href="https://llvm.org/">LLVM Home</a> | </li>
  <li><a href="index.html">Documentation</a>»</li>
          <li class="nav-item nav-item-1"><a href="Reference.html" accesskey="U">Reference</a> »</li>
        <li class="nav-item nav-item-this"><a href="">LLVM Security Group</a></li> 
      </ul>
    </div>
      <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
        <div class="sphinxsidebarwrapper">
<h3>Documentation</h3>
<ul class="want-points">
    <li><a href="https://llvm.org/docs/GettingStartedTutorials.html">Getting Started/Tutorials</a></li>
    <li><a href="https://llvm.org/docs/UserGuides.html">User Guides</a></li>
    <li><a href="https://llvm.org/docs/Reference.html">Reference</a></li>
</ul>
<h3>Getting Involved</h3>
<ul class="want-points">
    <li><a href="https://llvm.org/docs/Contributing.html">Contributing to LLVM</a></li>
    <li><a href="https://llvm.org/docs/HowToSubmitABug.html">Submitting Bug Reports</a></li>
    <li><a href="https://llvm.org/docs/GettingInvolved.html#mailing-lists">Mailing Lists</a></li>
    <li><a href="https://llvm.org/docs/GettingInvolved.html#irc">IRC</a></li>
    <li><a href="https://llvm.org/docs/GettingInvolved.html#meetups-and-social-events">Meetups and Social Events</a></li>
</ul>
<h3>Additional Links</h3>
<ul class="want-points">
    <li><a href="https://llvm.org/docs/FAQ.html">FAQ</a></li>
    <li><a href="https://llvm.org/docs/Lexicon.html">Glossary</a></li>
    <li><a href="https://llvm.org/pubs">Publications</a></li>
    <li><a href="https://github.com/llvm/llvm-project//">Github Repository</a></li>
</ul>
  <div role="note" aria-label="source link">
    <h3>This Page</h3>
    <ul class="this-page-menu">
      <li><a href="_sources/Security.rst.txt"
            rel="nofollow">Show Source</a></li>
    </ul>
   </div>
<div id="searchbox" style="display: none" role="search">
  <h3 id="searchlabel">Quick search</h3>
    <div class="searchformwrapper">
    <form class="search" action="search.html" method="get">
      <input type="text" name="q" aria-labelledby="searchlabel" />
      <input type="submit" value="Go" />
    </form>
    </div>
</div>
<script>$('#searchbox').show(0);</script>
        </div>
      </div>
    <div class="document">
      <div class="documentwrapper">
        <div class="bodywrapper">
          <div class="body" role="main">
            
  <div class="section" id="llvm-security-group">
<h1>LLVM Security Group<a class="headerlink" href="#llvm-security-group" title="Permalink to this headline">¶</a></h1>
<p>The LLVM Security Group has the following goals:</p>
<ol class="arabic simple">
<li><p>Allow LLVM contributors and security researchers to disclose security-related issues affecting the LLVM project to members of the LLVM community.</p></li>
<li><p>Organize fixes, code reviews, and release management for said issues.</p></li>
<li><p>Allow distributors time to investigate and deploy fixes before wide dissemination of vulnerabilities or mitigation shortcomings.</p></li>
<li><p>Ensure timely notification and release to vendors who package and distribute LLVM-based toolchains and projects.</p></li>
<li><p>Ensure timely notification to users of LLVM-based toolchains whose compiled code is security-sensitive, through the <a class="reference external" href="https://cve.mitre.org">CVE process</a>.</p></li>
<li><p>Strive to improve security over time, for example by adding additional testing, fuzzing, and hardening after fixing issues.</p></li>
</ol>
<p><em>Note</em>: these goals ensure timely action, provide disclosure timing when issues are reported, and respect vendors’ / packagers’ / users’ constraints.</p>
<p>The LLVM Security Group is private. It is composed of trusted LLVM contributors. Its discussions remain within the Security Group (plus issue reporter and key experts) while an issue is being investigated. After an issue becomes public, the entirety of the group’s discussions pertaining to that issue also become public.</p>
<div class="section" id="how-to-report-a-security-issue">
<span id="report-security-issue"></span><h2>How to report a security issue?<a class="headerlink" href="#how-to-report-a-security-issue" title="Permalink to this headline">¶</a></h2>
<p>To report a security issue in the LLVM Project, please <a class="reference external" href="https://bugs.chromium.org/p/llvm/issues/entry">open a new issue</a> in the LLVM project page, on the chromium issue tracker.  Be sure to use the “Security bug report” template.</p>
<p>We aim to acknowledge your report within two business days since you first reach out. If you do not receive any response by then, you can escalate by sending a message to the <a class="reference external" href="https://lists.llvm.org/mailman/listinfo/llvm-dev">llvm-dev mailing list</a> asking to get in touch with someone from the LLVM Security Group. <strong>The escalation mailing list is public</strong>: avoid discussing or mentioning the specific issue when posting on it.</p>
</div>
<div class="section" id="group-composition">
<h2>Group Composition<a class="headerlink" href="#group-composition" title="Permalink to this headline">¶</a></h2>
<div class="section" id="security-group-members">
<h3>Security Group Members<a class="headerlink" href="#security-group-members" title="Permalink to this headline">¶</a></h3>
<p>The members of the group represent a wide cross-section of the community, and meet the criteria for inclusion below. The list is in the format <cite>* ${full_name} (${affiliation}) [${phabricator_username}]</cite>. If a phabricator username for an individual isn’t available, the brackets will be empty.</p>
<ul class="simple">
<li><p>Ahmed Bougacha (Apple) [ab]</p></li>
<li><p>Artur Pilipenko (Azul Systems Inc) [apilipenko]</p></li>
<li><p>Dimitry Andric (individual; FreeBSD) [dim]</p></li>
<li><p>Ed Maste (individual; FreeBSD) [emaste]</p></li>
<li><p>George Burgess IV (Google) [george.burgess.iv]</p></li>
<li><p>Kate McInnes (Apple) []</p></li>
<li><p>Kristof Beyls (ARM) [kristof.beyls]</p></li>
<li><p>Matthew Riley (Google) [mattdr]</p></li>
<li><p>Nikhil Gupta (Nvidia) [nikhgupt]</p></li>
<li><p>Oliver Hunt (Apple) [ojhunt]</p></li>
<li><p>Paul Robinson (Sony) [probinson]</p></li>
<li><p>Peter Smith (ARM) [peter.smith]</p></li>
<li><p>Pietro Albini (individual; Rust) [pietroalbini]</p></li>
<li><p>Serge Guelton (RedHat) [serge-sans-paille]</p></li>
<li><p>Shayne Hiet-Block (Microsoft) [Shayne]</p></li>
<li><p>Steve Klabnik (Oxide Computer Company; Rust) [steveklabnik]</p></li>
<li><p>Tim Penge (Sony) [tpenge]</p></li>
</ul>
</div>
<div class="section" id="criteria">
<h3>Criteria<a class="headerlink" href="#criteria" title="Permalink to this headline">¶</a></h3>
<ul class="simple">
<li><p>Nominees for LLVM Security Group membership should fall in one of these groups:</p>
<ul>
<li><p>Individual contributors:</p>
<ul>
<li><p>Specializes in fixing compiler-based security related issues or often participates in their exploration and resolution.</p></li>
<li><p>Has a track record of finding security vulnerabilities and responsible disclosure of those vulnerabilities.</p></li>
<li><p>Is a compiler expert who has specific interests in knowing about, resolving, and preventing future security vulnerabilities.</p></li>
<li><p>Has actively contributed non-trivial code to the LLVM project in the last year.</p></li>
</ul>
</li>
<li><p>Researchers:</p>
<ul>
<li><p>Has a track record of finding security vulnerabilities and responsible disclosure of those vulnerabilities.</p></li>
<li><p>Is a compiler expert who has specific interests in knowing about, resolving, and preventing future security vulnerabilities.</p></li>
</ul>
</li>
<li><p>Vendor contacts:</p>
<ul>
<li><p>Represents an organization or company which ships products that include their own copy of LLVM. Due to their position in the organization, the nominee has a reasonable need to know about security issues and disclosure embargoes.</p></li>
</ul>
</li>
</ul>
</li>
<li><p>Additionally, the following are necessary but not sufficient criteria for membership in the LLVM Security Group:</p>
<ul>
<li><p>If already in the LLVM Security Group, has actively participated in one (if any) security issue in the last year.</p></li>
<li><p>If already in the LLVM Security Group, has actively participated in most membership discussions in the last year.</p></li>
<li><p>If already in the LLVM Security Group, has actively participated in writing or reviewing a transparency report in the last year.</p></li>
<li><p>When employed by a company or other entity, the parent entity has no more than three members already in the LLVM Security Group.</p></li>
<li><p>When nominated as a vendor contact, their position with that vendor remains the same as when originally nominated.</p></li>
<li><p>Nominees are trusted by existing Security Group members to keep communications embargoed while still active.</p></li>
</ul>
</li>
</ul>
</div>
<div class="section" id="nomination-process">
<h3>Nomination process<a class="headerlink" href="#nomination-process" title="Permalink to this headline">¶</a></h3>
<p>Anyone who feels they meet these criteria can nominate themselves, or may be nominated by a third party such as an existing LLVM Security Group member. The nomination should state whether the nominee is nominated as an individual, researcher, or as a vendor contact. It should clearly describe the grounds for nomination.</p>
<p>For the moment, nominations are generally proposed, discussed, and voted on using Phabricator. An <a class="reference external" href="https://reviews.llvm.org/D99232">example nomination is available here</a>. The use of Phabricator helps keep membership discussions open, transparent, and easily accessible to LLVM developers in many ways. If, for any reason, a fully-world-readable nomination seems inappropriate, you may <a class="reference external" href="https://bugs.chromium.org/p/llvm/issues/entry">open a new issue</a>, and a discussion can be had about the best way to approach nomination, given the constraints that individuals are under.</p>
<p>Our recommended method of nomination may change as our <a class="reference internal" href="#discussion-medium">Discussion Medium</a> story evolves over time.</p>
</div>
<div class="section" id="choosing-new-members">
<h3>Choosing new members<a class="headerlink" href="#choosing-new-members" title="Permalink to this headline">¶</a></h3>
<p>If a nomination for LLVM Security Group membership is supported by a majority of existing LLVM Security Group members, then it carries within five business days unless an existing member of the Security Group objects. If an objection is raised, the LLVM Security Group members should discuss the matter and try to come to consensus; failing this, the nomination will succeed only by a two-thirds supermajority vote of the LLVM Security Group.</p>
</div>
<div class="section" id="accepting-membership">
<h3>Accepting membership<a class="headerlink" href="#accepting-membership" title="Permalink to this headline">¶</a></h3>
<p>Before new LLVM Security Group membership is finalized, the successful nominee should accept membership and agree to abide by this security policy, particularly <a class="reference internal" href="#privileges-and-responsibilities-of-llvm-security-group-members">Privileges and Responsibilities of LLVM Security Group Members</a> below.</p>
</div>
<div class="section" id="keeping-membership-current">
<h3>Keeping Membership Current<a class="headerlink" href="#keeping-membership-current" title="Permalink to this headline">¶</a></h3>
<ul class="simple">
<li><p>At least every six months, the LLVM Security Group applies the above criteria. The membership list is pruned accordingly.</p></li>
<li><p>Any Security Group member can ask that the criteria be applied within the next five business days.</p></li>
<li><p>If a member of the LLVM Security Group does not act in accordance with the letter and spirit of this policy, then their LLVM Security Group membership can be revoked by a majority vote of the members, not including the person under consideration for revocation. After a member calls for a revocation vote, voting will be open for five business days.</p></li>
<li><p>Emergency suspension: an LLVM Security Group member who blatantly disregards the LLVM Security Policy may have their membership temporarily suspended on the request of any two members. In such a case, the requesting members should notify the Security Group with a description of the offense. At this point, membership will be temporarily suspended for five business days, pending outcome of the vote for permanent revocation.</p></li>
<li><p>The LLVM Board may remove any member from the LLVM Security Group.</p></li>
</ul>
</div>
<div class="section" id="transparency-report">
<h3>Transparency Report<a class="headerlink" href="#transparency-report" title="Permalink to this headline">¶</a></h3>
<p>Every year, the LLVM Security Group must publish a transparency report. The intent of this report is to keep the community informed by summarizing the disclosures that have been made public in the last year. It shall contain a list of all public disclosures, as well as statistics on time to fix issues, length of embargo periods, and so on.</p>
</div>
</div>
<div class="section" id="privileges-and-responsibilities-of-llvm-security-group-members">
<h2>Privileges and Responsibilities of LLVM Security Group Members<a class="headerlink" href="#privileges-and-responsibilities-of-llvm-security-group-members" title="Permalink to this headline">¶</a></h2>
<div class="section" id="access">
<h3>Access<a class="headerlink" href="#access" title="Permalink to this headline">¶</a></h3>
<p>LLVM Security Group members will be subscribed to a private <a class="reference internal" href="#discussion-medium">Discussion Medium</a> (<em>FUTURE</em>: see section below). It will be used for technical discussions of security issues, as well as process discussions about matters such as disclosure timelines and group membership. Members have access to all security issues.</p>
</div>
<div class="section" id="confidentiality">
<h3>Confidentiality<a class="headerlink" href="#confidentiality" title="Permalink to this headline">¶</a></h3>
<p>Members of the LLVM Security Group will be expected to treat LLVM security issue information shared with the group as confidential until publicly disclosed:</p>
<ul class="simple">
<li><p>Members should not disclose security issue information to non-members unless both members are employed by the same vendor of a LLVM based product, in which case information can be shared within that organization on a need-to-know basis and handled as confidential information normally is within that organization.</p></li>
<li><p>If the LLVM Security Group agrees, designated members may share issues with vendors of non-LLVM based products if their product suffers from the same issue. The non-LLVM vendor should be asked to respect the issue’s embargo date, and to not share the information beyond the need-to-know people within their organization.</p></li>
<li><p>If the LLVM Security Group agrees, key experts can be brought in to help address particular issues. The key expert should be asked to respect the issue’s embargo date, and to not share the information.</p></li>
</ul>
</div>
<div class="section" id="disclosure">
<h3>Disclosure<a class="headerlink" href="#disclosure" title="Permalink to this headline">¶</a></h3>
<p>Following the process below, the LLVM Security Group decides on embargo date for public disclosure for each Security issue. An embargo may be lifted before the agreed-upon date if all vendors planning to ship a fix have already done so, and if the reporter does not object.</p>
</div>
<div class="section" id="collaboration">
<h3>Collaboration<a class="headerlink" href="#collaboration" title="Permalink to this headline">¶</a></h3>
<p>Members of the LLVM Security Group are expected to:</p>
<ul class="simple">
<li><p>Promptly share any LLVM vulnerabilities they become aware of.</p></li>
<li><p>Volunteer to drive issues forward.</p></li>
<li><p>Help evaluate the severity of incoming issues.</p></li>
<li><p>Help write and review patches to address security issues.</p></li>
<li><p>Participate in the member nomination and removal processes.</p></li>
</ul>
</div>
</div>
<div class="section" id="discussion-medium">
<h2>Discussion Medium<a class="headerlink" href="#discussion-medium" title="Permalink to this headline">¶</a></h2>
<p><em>FUTURE</em>: this section needs more work! Where discussions occur is influenced by other factors that are still open in this document. We can finalize it later.
It seems like bugzilla and email don’t meet security requirements.</p>
<p>The medium used to host LLVM Security Group discussions is security-sensitive. It should therefore run on infrastructure which can meet our security expectations.</p>
<p>We are currently using the <a class="reference external" href="https://crbug.com">chromium issue tracker</a> (as the <cite>llvm</cite> project) to have security discussions:</p>
<ul class="simple">
<li><p>File security issues.</p></li>
<li><p>Discuss security improvements to LLVM.</p></li>
</ul>
<p>When a new issue is filed, a template is provided to help issue reporters provide all relevant information.</p>
<p><em>FUTURE</em>: The <a class="reference external" href="https://help.github.com/en/articles/about-maintainer-security-advisories">Github security</a> workflow allows publicly disclosing resolved security issues on the github project page, and we would be interested in adopting it for that purpose.  However, it does not easily allow confidential reporting of security issues, as creating Github Security Advisories is currently restricted to Github project admins.  That is why we have started with the <a class="reference external" href="https://crbug.com">chromium issue tracker</a> instead.</p>
<p>We also occasionally need to discuss logistics of the LLVM Security Group itself:</p>
<ul class="simple">
<li><p>Nominate new members.</p></li>
<li><p>Propose member removal.</p></li>
<li><p>Suggest policy changes.</p></li>
</ul>
<p>We often have these discussions publicly, in our <a class="reference internal" href="GettingInvolved.html#online-sync-ups"><span class="std std-ref">monthly public sync-up call</span></a> and on public LLVM mailing lists.  For internal or confidential discussions, we also use a private mailing list.</p>
</div>
<div class="section" id="process">
<h2>Process<a class="headerlink" href="#process" title="Permalink to this headline">¶</a></h2>
<p>The following process occurs on the discussion medium for each reported issue:</p>
<ul class="simple">
<li><p>A security issue reporter (not necessarily an LLVM contributor) reports an issue.</p></li>
<li><p>Within two business days, a member of the Security Group is put in charge of driving the issue to an acceptable resolution. This champion doesn’t need to be the same person for each issue. This person can self-nominate.</p></li>
<li><p>Members of the Security Group discuss in which circumstances (if any) an issue is relevant to security, and determine if it is a security issue.</p></li>
<li><p>Negotiate an embargo date for public disclosure, with a default minimum time limit of ninety days.</p></li>
<li><p>Security Group members can recommend that key experts be pulled in to specific issue discussions. The key expert can be pulled in unless there are objections from other Security Group members.</p></li>
<li><p>Patches are written and reviewed.</p></li>
<li><p>Backporting security patches from recent versions to old versions cannot always work. It is up to the Security Group to decide if such backporting should be done, and how far back.</p></li>
<li><p>The Security Group figures out how the LLVM project’s own releases, as well as individual vendors’ releases, can be timed to patch the issue simultaneously.</p></li>
<li><p>Embargo date can be delayed or pulled forward at the Security Group’s discretion.</p></li>
<li><p>The issue champion obtains a CVE entry from <a class="reference external" href="https://cve.mitre.org">MITRE</a>.</p></li>
<li><p>Once the embargo expires, the patch is posted publicly according to LLVM’s usual code review process.</p></li>
<li><p>All security issues (as well as nomination / removal discussions) become public within approximately fourteen weeks of the fix landing in the LLVM repository. Precautions should be taken to avoid disclosing particularly sensitive data included in the report (e.g. username and password pairs).</p></li>
</ul>
</div>
<div class="section" id="changes-to-the-policy">
<h2>Changes to the Policy<a class="headerlink" href="#changes-to-the-policy" title="Permalink to this headline">¶</a></h2>
<p>The LLVM Security Policy may be changed by majority vote of the LLVM Security Group. Such changes also need to be approved by the LLVM Board.</p>
</div>
<div class="section" id="what-is-considered-a-security-issue">
<h2>What is considered a security issue?<a class="headerlink" href="#what-is-considered-a-security-issue" title="Permalink to this headline">¶</a></h2>
<p><em>FUTURE</em>: this section will be expanded once the Security Group is formed, and it agrees on an initial security surface area.</p>
<p>The LLVM Project has a significant amount of code, and not all of it is considered security-sensitive. This is particularly true because LLVM is used in a wide variety of circumstances: there are different threat models, untrusted inputs differ, and the environment LLVM runs in is varied. Therefore, what the LLVM Project considers a security issue is what its members have signed up to maintain securely.</p>
<p>As this security process matures, members of the LLVM community can propose that a part of the codebase be designated as security-sensitive (or no longer security-sensitive). This requires a rationale, and buy-in from the LLVM community as for any RFC. In some cases, parts of the codebase could be handled as security-sensitive but need significant work to get to the stage where that’s manageable. The LLVM community will need to decide whether it wants to invest in making these parts of the code secure-able, and maintain these security properties over time. In all cases the LLVM Security Group should be consulted, since they’ll be responding to security issues filed against these parts of the codebase.</p>
<p>If you’re not sure whether an issue is in-scope for this security process or not, err towards assuming that it is. The Security Group might agree or disagree and will explain its rationale in the report, as well as  update this document through the above process.</p>
<p>The security-sensitive parts of the LLVM Project currently are:</p>
<ul class="simple">
<li><p>None (this process is new, the list hasn’t been populated yet)</p></li>
<li><p><em>FUTURE</em>: this section will be expanded.</p></li>
</ul>
<p>The parts of the LLVM Project which are currently treated as non-security sensitive are:</p>
<ul class="simple">
<li><p>Language front-ends, such as clang, for which a malicious input file can cause undesirable behavior. For example, a maliciously-crafter C or Rust source file can cause arbitrary code to execute in LLVM. These parts of LLVM haven’t been hardened, and compiling untrusted code usually also includes running utilities such as <cite>make</cite> which can more readily perform malicious things.</p></li>
<li><p><em>FUTURE</em>: this section will be expanded.</p></li>
</ul>
</div>
</div>
            <div class="clearer"></div>
          </div>
        </div>
      </div>
      <div class="clearer"></div>
    </div>
    <div class="related" role="navigation" aria-label="related navigation">
      <h3>Navigation</h3>
      <ul>
        <li class="right" style="margin-right: 10px">
          <a href="genindex.html" title="General Index"
             >index</a></li>
        <li class="right" >
          <a href="SegmentedStacks.html" title="Segmented Stacks in LLVM"
             >next</a> |</li>
        <li class="right" >
          <a href="MemTagSanitizer.html" title="MemTagSanitizer"
             >previous</a> |</li>
  <li><a href="https://llvm.org/">LLVM Home</a> | </li>
  <li><a href="index.html">Documentation</a>»</li>
          <li class="nav-item nav-item-1"><a href="Reference.html" >Reference</a> »</li>
        <li class="nav-item nav-item-this"><a href="">LLVM Security Group</a></li> 
      </ul>
    </div>
    <div class="footer" role="contentinfo">
        © Copyright 2003-2021, LLVM Project.
      Last updated on 2021-09-18.
      Created using <a href="https://www.sphinx-doc.org/">Sphinx</a> 3.5.4.
    </div>
  </body>
</html>
 |