From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from resqmta-c1p-024061.sys.comcast.net (resqmta-c1p-024061.sys.comcast.net [IPv6:2001:558:fd00:56::6]) by sourceware.org (Postfix) with ESMTPS id 699BA3857717 for ; Thu, 13 Apr 2023 17:38:02 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 699BA3857717 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=comcast.net Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=comcast.net Received: from resomta-c1p-023265.sys.comcast.net ([96.102.18.226]) by resqmta-c1p-024061.sys.comcast.net with ESMTP id mx0gpTDMFGE7Kn0tWpJvqA; Thu, 13 Apr 2023 17:38:02 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcast.net; s=20190202a; t=1681407482; bh=Fs6DfN5PY1dzfxUOzpaXPoRltLzpYFELldalhDZsQVw=; h=Received:Received:Content-Type:Mime-Version:Subject:From:Date: Message-Id:To:Xfinity-Spam-Result; b=j1YAluA2LxoAqk+XMeG4lky+72nmCPT0kuDCgsHWIeynyqEzzbaBZ3Wd1dsSZmIJ3 +1ghWbfnlwIvYnqq3WkY2fO45HUEc1BHuQso/JOWLCSCGXVBrXAzYo4FTQcbUxoiwV ud7oc7/eTiO+qTiQlyXXxo5oeJNekWjXAUVkyznM9HQuv6RdrHvkucU9XWMDmabihO uddXGxlM+xX3NkCM3TjuNWgh1RVAywHmXT5+kBBL/9iP5qmX5dCsZoR30Zpg5x9uNs E9ddRMXKu2BGmF5Y11WHkmQHh39xyLAlrU6HK0/CjKu1CNjxgFWR0fkskP6P03uWXA iUhNmDST0gKiQ== Received: from smtpclient.apple ([73.60.223.101]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 256/256 bits) (Client did not present a certificate) by resomta-c1p-023265.sys.comcast.net with ESMTPSA id n0tTp4dgnYkwGn0tUppS0Q; Thu, 13 Apr 2023 17:38:01 +0000 X-Xfinity-VAAS: gggruggvucftvghtrhhoucdtuddrgedvhedrvdekkedgudduiecutefuodetggdotefrodftvfcurfhrohhfihhlvgemucevohhmtggrshhtqdftvghsihdpqfgfvfdppffquffrtefokffrnecuuegrihhlohhuthemuceftddunecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenucfjughrpegtggfuhfgjffevgffkfhfvofesthhqmhdthhdtvdenucfhrhhomheprfgruhhlucfmohhnihhnghcuoehprghulhhkohhnihhnghestghomhgtrghsthdrnhgvtheqnecuggftrfgrthhtvghrnhepveekveelffeliefgiedufeehgeejtdfhgedujeehueekiedtgfetffevgffggfdvnecukfhppeejfedriedtrddvvdefrddutddunecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehhvghlohepshhmthhptghlihgvnhhtrdgrphhplhgvpdhinhgvthepjeefrdeitddrvddvfedruddtuddpmhgrihhlfhhrohhmpehprghulhhkohhnihhnghestghomhgtrghsthdrnhgvthdpnhgspghrtghpthhtohephedprhgtphhtthhopehsihguughhvghshhesghhothhplhhtrdhorhhgpdhrtghpthhtoheprhhitghhrghrugdrvggrrhhnshhhrgifsehfohhsshdrrghrmhdrtghomhdprhgtphhtthhopehnihgtkhgtsehrvgguhhgrthdrtghomhdprhgtphhtthhopegsihhnuhhtihhlshesshhouhhrtggvfigrrhgvrdhorhhgpdhrtghpthhtohepghgusgesshhouhhrtggvfigrrhgvrdhorhhg X-Xfinity-VMeta: sc=-100.00;st=legit Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.120.41.1.3\)) Subject: Re: RFC: Adding a SECURITY.md document to the Binutils From: Paul Koning In-Reply-To: Date: Thu, 13 Apr 2023 13:37:59 -0400 Cc: Richard Earnshaw , Nick Clifton , Binutils , "gdb@sourceware.org" Content-Transfer-Encoding: quoted-printable Message-Id: <2FDDD795-B713-41B8-A650-1CA06F027416@comcast.net> References: <1c38b926-e003-0e21-e7f1-3d5dbec2aabf@redhat.com> <5d044987-39eb-a060-1b2b-9d07b1515e7d@gotplt.org> <73bc480a-a927-2773-8756-50350f76dfbf@gotplt.org> <4ed86e65-0b7f-11d4-8061-2c5d0b1e147e@foss.arm.com> <7b6b10f8-e480-8efa-fbb8-4fc4bf2cf356@gotplt.org> <0224757b-6b17-f82d-c0bf-c36042489f5e@foss.arm.com> <01e846c0-c6bf-defe-0563-1ed6309b7038@gotplt.org> <2d4c7f13-8a35-3ce5-1f90-ce849a690e66@foss.arm.com> <01b8e177-abfd-549e-768f-1995cab5c81d@gotplt.org> <96e2ec59-11c6-329e-18c4-bf284eb752ac@gotplt.org> <1F7CF3D5-5AC3-4832-BE19-60F956A047F7@comcast.net> To: Siddhesh Poyarekar X-Mailer: Apple Mail (2.3696.120.41.1.3) X-Spam-Status: No, score=1.0 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,MEDICAL_SUBJECT,RCVD_IN_DNSWL_NONE,SPF_HELO_PASS,SPF_PASS,TXREP autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: > On Apr 13, 2023, at 1:29 PM, Siddhesh Poyarekar = wrote: >=20 > On 2023-04-13 13:05, Paul Koning wrote: >>> On Apr 13, 2023, at 1:00 PM, Siddhesh Poyarekar = wrote: >>>=20 >>> On 2023-04-13 12:49, Paul Koning wrote: >>>> If someone sends me an executable file, and I execute it and suffer = a virus, shame on me. If someone sends me a C source file and I compile = and link that BUT DO NOT EXECUTE the resulting executable, and I suffer = a virus, shame on the tool. >>>=20 >>> If someone sends me a C source file and I compile and link it = without inspecting it first, then definitely shame on me again. = Compilers and linkers assume *trusted* input. >> That's news to me. >> It is true that not all text is valid C, and some text has = "undefined" behavior. But "undefined" is a property of the resulting = executable program, NOT of the act of compiling it. I have never before = seen anyone suggest that submitting a bad program to a compiler could = reasonably be expected to result in that compiler attacking the security = of your system, or that if it did so it wouldn't be a security bug in = that compiler. >=20 > I haven't seen anyone suggest (and have seen many balk at) the idea of = crashes/buffer overruns in compilers being considered security issues.=20= Not all buffer overruns cause security issues. Those that crash the = program with the buffer overrun are not security issues (unless you're = considering the category of Denial of Service attacks). But a buffer = overrun that enables the execution of arbitrary code IS a security = issue. Who do you know to "balk at" that principle? This is no different from how one analyzes buffer overruns in networking = applications. If the consequence of the error is nothing worse than an = abort of that application, it's DoS and would typically not be = considered serious. If it allows code to be inserted and executed in = the context of the application, then that is serious and is a security = defect. The same goes for any other application whose specification = says that it processes -- but does not execute -- its inputs. paul