From: Richard Earnshaw
To: Binutils Mailing List, gdb@sourceware.org
Cc: Siddhesh Poyarekar, Nick Clifton
Subject: Threat model for GNU Binutils
Date: Fri, 14 Apr 2023 14:12:50 +0100
Message-ID: <032c1307-c143-3f2c-0502-683d966f0257@foss.arm.com>

OK, I think it's time to take a step back.

If we are to have a security policy, I think we first need a threat
model. Without it, we can't really argue about what we're trying to
protect against. So the attached is my initial stab at trying to write
down a threat model.

Some of this is subjective, but I'm trying to be reasonably realistic.
Most of these threats are really quite low in comparison to other tools
and services that run on your computer.

In practice, you then take the model and the impact/likelihood matrix
and decide what level of actions are needed for each combination,
whether it be from pre-emptive auditing through fixing bugs if found
down to doing nothing. But that's the step after we have the model
agreed.

If you can think of threats I've missed (quite likely, I haven't thought
about this for long enough), then please suggest additions.

R.

Attachment: binutils-threats.txt

Threat model for GNU Binutils
=============================

The following potential security threats have been identified in GNU
Binutils.  Note that this does not mean that such a vulnerability is
known to exist.

Threats arising from execution of the GNU Binutils programs
-----------------------------------------------------------

1) Privilege escalation.

  Nature:
  A bug in the tools allows the user to gain privileges that they did not
  already have.

  Likelihood: Low - tools do not run with elevated privileges, so this
  would most likely involve a bug in the kernel.

  Impact: Critical

  Mitigation: None

2) Denial of service

  Nature:
  A bug in the tools leads to resources in the system becoming
  unavailable on a temporary or permanent basis.

  Likelihood: Low

  Impact: Low - tools are normally run under local user control and
  not as daemons.

  Mitigation: sandboxing if access to the tools from a third party is
  needed (e.g. a web service).

3) Data corruption leads to uncontrolled program execution.

  Nature:
  A bug such as unconstrained buffer overflow could lead to a ROP or JOP
  style attack if not fully contained.  Once in control an attacker
  might be able to access any file that the user running the program has
  access to.

  Likelihood: Moderate

  Impact: High

  Mitigation: sandboxing can help if an attacker has direct control
  over inputs supplied to the tools or in cases where the inputs are
  particularly untrustworthy, but is not practical during normal
  usage.

Threats arising from execution of output produced by GNU Binutils programs
--------------------------------------------------------------------------

Note for this category we explicitly exclude threats that exist in the
input files supplied to the tools and only consider threats introduced
by the tools themselves.

1) Incorrect generation of machine instructions leads to unintended
program behavior.

  Nature:
  Many architectures have 'don't care' bits in the machine instructions.
  Generally the architecture will specify the value that such bits have,
  leaving room for future expansion of the instruction set.  If tools do
  not correctly set these bits then a program may execute correctly on
  some machines, but fail on others.

  Likelihood: Low

  Impact: Moderate - this is unlikely to lead to an exploit, but might lead
  to DoS in some cases.

  Mitigation: cross testing generated output against third-party toolchain
  implementations.

2) Code directly generated by the tools contains a vulnerability

  Nature:
  The vast majority of code output from the tools comes from the input
  files supplied, but a small amount of 'glue' code might be needed in
  some cases, for example to enable jumping to another function in
  another part of the address space.  Linkers are also sometimes asked
  to inject mitigations for known CPU errata when this cannot be done
  during the compilation phase.

  Likelihood: Low

  Impact: Mostly low - the amount of code generated is very small and
  unlikely to involve buffers that contain risky data, so the chances of
  this directly leading to a vulnerability are low.

  Mitigation: monitor for processor vendor vulnerabilities and adjust tool
  code generation if needed.
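The "sandboxing" mitigation listed for threats 2 and 3 (a service that runs the tools on files supplied by third parties) can be approximated without a full container: run the tool in a scratch directory with a stripped environment and hard resource limits, and treat a signal death as a possible memory-safety bug rather than a routine error. The wrapper below is an added example, not code from the mail or from binutils; it assumes a read-only tool such as `objdump -d` or `readelf -a` in `/usr/bin`, and the limits are constructed defaults.

```python
import resource
import subprocess
import tempfile
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class ToolResult:
    status: str               # "ok", "error", "timeout" or "killed"
    returncode: Optional[int]
    output: bytes


def _apply_limits(cpu_seconds: int, mem_bytes: int) -> None:
    # Runs in the child between fork and exec.  An input that makes the tool
    # loop or allocate without bound now hits a hard wall instead of tying
    # up the host (threat 2); a hijacked process cannot write files or leave
    # a core dump containing whatever it read (threat 3).
    resource.setrlimit(resource.RLIMIT_CPU, (cpu_seconds, cpu_seconds))
    resource.setrlimit(resource.RLIMIT_AS, (mem_bytes, mem_bytes))
    resource.setrlimit(resource.RLIMIT_FSIZE, (0, 0))   # no file output at all
    resource.setrlimit(resource.RLIMIT_CORE, (0, 0))    # no core dumps


def run_tool_sandboxed(argv: List[str], input_path: str, cpu_seconds: int = 5,
                       mem_bytes: int = 256 << 20, wall_seconds: int = 10) -> ToolResult:
    """Run a read-only binutils tool (e.g. ["objdump", "-d"]) on an untrusted file."""
    # Fresh scratch directory as cwd and a minimal environment, so the tool
    # sees none of the caller's files or variables.  (Constructed defaults.)
    with tempfile.TemporaryDirectory() as scratch:
        try:
            proc = subprocess.run(
                [*argv, input_path],
                cwd=scratch,
                env={"PATH": "/usr/bin:/bin", "LC_ALL": "C"},
                stdin=subprocess.DEVNULL,
                stdout=subprocess.PIPE,
                stderr=subprocess.STDOUT,
                timeout=wall_seconds,
                preexec_fn=lambda: _apply_limits(cpu_seconds, mem_bytes),
            )
        except subprocess.TimeoutExpired as exc:
            return ToolResult("timeout", None, exc.output or b"")
    if proc.returncode < 0:
        # Negative return code: terminated by a signal (SIGSEGV, SIGXCPU,
        # SIGXFSZ ...).  Keep the input file: it is a crash reproducer.
        return ToolResult("killed", proc.returncode, proc.stdout)
    return ToolResult("ok" if proc.returncode == 0 else "error",
                      proc.returncode, proc.stdout)
```

A "killed" result on a third-party file is the case worth a bug report; the limits only bound the damage, they do not fix the parser.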