Thread: Compiling whats held in an array

Hi all,
I have an unusual request. Does anyone know a way to compile a C program from within another program - when the source code to compile is held in an array. In other words is there a gcc function in the c library, like gcc(source_array, output_array);

What I'm trying to avoid is having to put the source code into a file and have it saved on the local hardrive. Instead I would like to be able to just have the c source code read in through the internet (via FTP) and then directly compile it and only ouput a executable file. This is for security reasons mainly to avoid the original source code from having to be saved onto the local server. Anyone know if this can be done?

I don't think there is a compiler that allows you to compile code without having a file that is accessible locally.

What you CAN do (assuming your target system is using gcc) is to produce the precompiled output by passing it through:

Code:

$ someprog | gcc -E  > myfile.i && gcc myfile.i

The other option is that you replicate the server system locally, and compile to the executable format there, then transfer the executable file.

--
Mats

matsp thank you for your response. Nice to have someone thinking of a solution also. Please keep thinking

Actually I was thinking.

Could I use file locking to prevent the downloaded source file from being read or used by any other process on the server? Say lock the file immediately and then complie it (using popen) and then immediately after delete it? Do you think that would be a secure method? Is there anyway a root user on the local system could find out the file I have open and somehow copy it during the time gcc is running? I guess with ptrace() anything is possible for the root user on a server?

You could possibly produce the file with "read-sharing", and keep the file open for "write-exclusive" - this way, the compiler is able to read the file, but noone can write to the file (unless the system has been modified inside the kernel - and if that's the case, nothing is safe).

There is of course no method that can prevent root from seeing a file existing on the system, or prevent root from copying a file that can be read [1]. But someone with root priviliges should be possible to trust, don't you think? I mean you don't normally get root priviliges in your corn-flakes box.

Of course, also beware that the compiler can be modified - ok, so maybe you need someone with the brain size of half a planet to make meaningfull changes to GCC, but it's still a possibility.

And of course, there is always the option that if you produce an executable file that you put somewhere in the system, that it later on gets replaced by some other file by someone with sufficient privileges to do such replacement (e.g. root).

[1] And the file needs to be readable for gcc to be able to compile it - otherwise gcc can't open the file in itself. gcc will also commonly produce temporary files, from which a source can be derived, such as the "myfile.i" that is produced by the preprocessor.

--
Mats

1. You pretty much have to save the source to a file to compile it, it's just the way compilers work.
2. You can't be sure that someone has aliased the remote gcc to say make copies of any files.

The way other people do this is to "shroud" the source in some way.

Originally Posted by gimpel.com

FlexeLint is distributed as obfuscated C source code on CD-ROM or via download.

One such tool (after a brief search) may be http://www.hallogram.com/codefix/, but I'm sure there are others.