From: Ian Lance Taylor
Date: Fri, 14 Apr 2023 10:37:57 -0700
Subject: Re: RFC: Adding a SECURITY.md document to the Binutils
To: Siddhesh Poyarekar
Cc: Paul Koning, Richard Earnshaw, Nick Clifton, Binutils, "gdb@sourceware.org"

On Thu, Apr 13, 2023 at 10:01 AM Siddhesh Poyarekar wrote:
>
> On 2023-04-13 12:49, Paul Koning wrote:
> > If someone sends me an executable file, and I execute it and suffer a virus, shame on me. If someone sends me a C source file and I compile and link that BUT DO NOT EXECUTE the resulting executable, and I suffer a virus, shame on the tool.
>
> If someone sends me a C source file and I compile and link it without
> inspecting it first, then definitely shame on me again. Compilers and
> linkers assume *trusted* input.

I profoundly disagree with this. Compilers and linkers must behave in a reasonable manner when given untrusted input. Behaving reasonably can of course include failing with an error message like "program too large", but they must not dump core and they must not use up all available memory. They very much must not have a buffer overflow during compilation that causes them to execute arbitrary code.

Users should not be expected to run compilers and linkers in a security sandbox (though it would be acceptable for a compiler to set up its own security sandbox if that seems useful).

Ian