sammccall planned changes to this revision. sammccall added a comment. @kbobyrev tested this and it turns out we also have to set `$SDKROOT`. And we probably want to fix `clang` in compile_commands.json too.
In D70863#1764785 <https://reviews.llvm.org/D70863#1764785>, @ilya-biryukov wrote: > Another interesting consideration: we choose to ask users to whitelists > compilers we might run from `compile_commands.json` that we can. > We are in a better position here, since we're not running the binaries based > on user input. Interesting idea. Wouldn't mix it with this patch as the purposes don't overlap much... - apple clang in practice won't report the required info to the driver query until the next major xcode release I think (with your driver patch) - the motivating case for this patch is the fallback compile command > Technically, we could consider using the same mechanism for running `xcrun`. > It will probably never be used in practice, though (and we'll have to > whitelist some common `xcrun` binaries anyway). You mean the whitelist? The security risk we were worried about with --query_driver is that compile_commands.json is easily attacker-controlled. The string `xcrun` is fixed, and the attack "put a different xcrun on the user's PATH" requires way more privileges - generally you're owned at that point anyway. I don't think it's worth guarding. Repository: rG LLVM Github Monorepo CHANGES SINCE LAST ACTION https://reviews.llvm.org/D70863/new/ https://reviews.llvm.org/D70863 _______________________________________________ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
