Subject: Re: RFC: Adding a SECURITY.md document to the Binutils
From: Paul Koning
Date: Wed, 12 Apr 2023 12:58:39 -0400
To: Richard Earnshaw
Cc: Siddhesh Poyarekar, Nick Clifton, Binutils, gdb@sourceware.org
Message-Id: <3A484AE1-77A9-47F4-A4F4-E8C5A333DB7C@comcast.net>
References: <1c38b926-e003-0e21-e7f1-3d5dbec2aabf@redhat.com> <5b147005-bd28-4cf9-b9e7-479ef02cb1ad@foss.arm.com> <5d044987-39eb-a060-1b2b-9d07b1515e7d@gotplt.org>

> On Apr 12, 2023, at 12:52 PM, Richard Earnshaw via Gdb wrote:
>
> On 12/04/2023 17:26, Siddhesh Poyarekar wrote:
>> ...
>> Ack, I reckon this should be addressed by "corrupt output files from valid trusted inputs". If that's not clear enough, could you suggest alternative phrasing that makes it clearer?
>
> I'm not sure corrupt is general enough. Each instruction in the binary might be completely legal, but their sequencing could leave some vulnerabilities (think Spectre, for example, but that's pretty extreme).
>
> Perhaps something like "... this means that the tools introduce a vulnerability in the output file that was not present in the input files being processed". I think with that wording you probably don't even need the last sentence in the first paragraph.

I agree. The scenario in "Reflections on trusting trust", Ken Thompson's famous paper, comes to mind. It might be worth adding that as a reference.

	paul