From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp-out1.suse.de (smtp-out1.suse.de [195.135.223.130]) by sourceware.org (Postfix) with ESMTPS id B139C3847725 for ; Wed, 3 Apr 2024 14:58:44 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org B139C3847725 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=suse.de Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=suse.de ARC-Filter: OpenARC Filter v1.0.0 sourceware.org B139C3847725 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=195.135.223.130 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1712156326; cv=none; b=YWp9mGuScKi9WZb2GEC2Fx/ymGfUFgKsE8O0wxrhpfoSYR8y0W4AT2OEhacmr19MskI4qlU5kcWtwtqS/CY/2f3fhrKFD44jkP6kotwgiX4L/zKFwmesVV3xlapdjSdB9G1NKU7wwuBU6sDLZfkmTT8zlDC2NQKAwOKbRhh/yc4= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1712156326; c=relaxed/simple; bh=9f3Bwbp2pnCbQlSfyR/u89/XBznuCepgB3r7yHLmp10=; h=DKIM-Signature:DKIM-Signature:Date:From:To:Subject:Message-ID: MIME-Version; b=qGBqHA9CEG9YG/UKl45dk4KbcXACq3nUKcitXHl7jeASo6p4rr5C+/5QHN74jmH4SbTn8iN3ZGqm0tFWRwShkTEceuc5H2Et8SODQiWAy8FjqtjIbuzpKLD1kjd8efcqWj/NvCK5XGb1YMq9egRI+T3NgqtM1TrM5C1rmRnZ4PU= ARC-Authentication-Results: i=1; server2.sourceware.org Received: from knuth.suse.de (unknown [10.168.5.16]) by smtp-out1.suse.de (Postfix) with ESMTP id BEB31371C8; Wed, 3 Apr 2024 14:58:43 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1712156323; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=viMeqv1dvo3mWEnalr9GvVJZynHGV62wLOIWWDPxpYU=; b=xVWLLF26+R7nbmjo3PtTB4lZI84g6pjba6Faka8Da4NeFA11XxY8qgM1UyBGCFDcNSGYFE 3V5+Ol46ji89i/PpkZK7R25ifllho4DuZ1LPzREVavfdjQ8USlfAUUEnz5pCbU7tbVtqK+ siCuYMcFtoqaaMhBc1z8Tl6UvdovJ+Y= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1712156323; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=viMeqv1dvo3mWEnalr9GvVJZynHGV62wLOIWWDPxpYU=; b=ofiIa8M7Nb0Dw7G0ijMdtD0ESDjNyj2404wIdooA9gjMEpM2y4BMbPLQ0socDeIxzMybd7 QNlJYMdiHp/O9oDQ== Authentication-Results: smtp-out1.suse.de; none Received: by knuth.suse.de (Postfix, from userid 10510) id AF803345740; Wed, 3 Apr 2024 16:58:13 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by knuth.suse.de (Postfix) with ESMTP id 9E97A34573F; Wed, 3 Apr 2024 16:58:13 +0200 (CEST) Date: Wed, 3 Apr 2024 16:58:13 +0200 (CEST) From: Michael Matz To: Orlando Arias cc: binutils@sourceware.org Subject: Re: Remove dependency on libjansson In-Reply-To: <9088ad35-cc8d-4ad8-8b9b-5979dbb7baa1@gmail.com> Message-ID: References: <877chhe80o.fsf@gentoo.org> <9088ad35-cc8d-4ad8-8b9b-5979dbb7baa1@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII X-Spamd-Result: default: False [-0.29 / 50.00]; NEURAL_HAM_SHORT(-0.20)[-0.990]; RCVD_NO_TLS_LAST(0.10)[]; MIME_GOOD(-0.10)[text/plain]; BAYES_HAM(-0.10)[65.01%]; ARC_NA(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; MISSING_XM_UA(0.00)[]; FROM_HAS_DN(0.00)[]; MIME_TRACE(0.00)[0:+]; FREEMAIL_TO(0.00)[gmail.com]; FROM_EQ_ENVFROM(0.00)[]; MID_RHS_MATCH_FROM(0.00)[]; TO_DN_SOME(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; FUZZY_BLOCKED(0.00)[rspamd.com]; DKIM_SIGNED(0.00)[suse.de:s=susede2_rsa,suse.de:s=susede2_ed25519]; FREEMAIL_ENVRCPT(0.00)[gmail.com] X-Spam-Score: -0.29 X-Spam-Level: X-Spam-Status: No, score=-3.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS,TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: Hello, On Tue, 2 Apr 2024, Orlando Arias wrote: > Greetings, > > On 4/2/24 5:40 AM, Rui Ueyama wrote: > > We have discussed various topics already, and I don't think there's a > > single answer because this is all about engineering tradeoffs. > > > > I'd like to hear from other devs who are following this thread if there are > > any. > > I am not a developer but I am a security researcher. The dependency as > it is should be left in for a simple reason: you should always sanitize > your inputs [1]. Indeed. But note that you're saying something else than what you wanted to say :) For ld the input here is "blob of bytes". That it's actually JSON (or claims to be!) is a matter for the processor of these .note sections. _Those_ need to check the contents of them for being proper JSON themself. They cannot rely on ld having produced "correct" .note sections anyway. They could have been produced by bad tools, or retroactively be mangled. So, as such checking in the consumer tools for the .notes cannot be avoided the early checking at producer time is a bit wasteful, and from a security perspective achieves exactly nothing. (FWIW, for openSUSE I've disabled this all (or rather, didn't enable it) as I don't want libjansson in the bootstrap pkgbuild cycle just for this. Supply chain attacks or similar weren't my reason back then, and aren't now :) ) Ciao, Michael.