public inbox for binutils@sourceware.org
 help / color / mirror / Atom feed
From: Siddhesh Poyarekar <siddhesh@gotplt.org>
To: Alan Modra <amodra@gmail.com>
Cc: Richard Earnshaw <Richard.Earnshaw@foss.arm.com>,
	Nick Clifton <nickc@redhat.com>,
	Binutils <binutils@sourceware.org>,
	"gdb@sourceware.org" <gdb@sourceware.org>
Subject: Re: RFC: Adding a SECURITY.md document to the Binutils
Date: Thu, 13 Apr 2023 08:00:26 -0400	[thread overview]
Message-ID: <e51f57f4-d1d0-60f1-cc1b-eb085ee74d8d@gotplt.org> (raw)
In-Reply-To: <ZDeQGsSXpGULbPG6@squeak.grove.modra.org>

On 2023-04-13 01:16, Alan Modra wrote:
>> That's not a crossing of privilege boundaries;
> 
> I know.  Ah, I see.  You were saying that only the very narrow case of
> a privilege escalation will be considered a "security bug".  Fair
> enough I suppose, but that's close to the much simpler and more easily
> understood:
> 
> "binutils makes no claim to being secure, ergo there are no security
> bugs".

More like, "don't put Turing complete interfaces out on the internet 
without sandboxing for everyone to abuse, that's insecure" :)

I hope to put out something similar for gcc too, and pretty much every 
compiler/translator out there because they're not programs that one puts 
out on the internet and think that everything will be OK.  They must be 
sandboxed.  The overzealous CVE assignments are simply wasting 
everyone's time and distracting everyone from actual security issues.

Sid

  reply	other threads:[~2023-04-13 12:00 UTC|newest]

Thread overview: 56+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-04-07  8:42 Nick Clifton
2023-04-07 10:36 ` Eli Zaretskii
2023-04-11 13:29   ` Nick Clifton
2023-04-11 14:23     ` Simon Marchi
2023-04-11 15:00       ` Eli Zaretskii
2023-04-11 16:22         ` Nick Clifton
2023-04-11 16:32           ` Matt Rice
2023-04-11 18:18         ` J.W. Jagersma
2023-04-12  8:43           ` Nick Clifton
2023-04-08  6:30 ` Jan Beulich
2023-04-10 18:30 ` John Baldwin
2023-04-20 15:56   ` Nick Clifton
2023-04-11 19:45 ` Ian Lance Taylor
2023-04-12 16:02 ` Richard Earnshaw
2023-04-12 16:26   ` Siddhesh Poyarekar
2023-04-12 16:52     ` Richard Earnshaw
2023-04-12 16:58       ` Paul Koning
2023-04-12 17:10       ` Siddhesh Poyarekar
2023-04-13  3:51         ` Alan Modra
2023-04-13  4:25           ` Siddhesh Poyarekar
2023-04-13  5:16             ` Alan Modra
2023-04-13 12:00               ` Siddhesh Poyarekar [this message]
2023-04-13 10:25         ` Richard Earnshaw
2023-04-13 11:53           ` Siddhesh Poyarekar
2023-04-13 12:37             ` Richard Earnshaw
2023-04-13 12:54               ` Siddhesh Poyarekar
2023-04-13 13:11                 ` Richard Earnshaw
2023-04-13 13:35                   ` Siddhesh Poyarekar
2023-04-13 13:40                     ` Richard Earnshaw
2023-04-13 13:56                       ` Siddhesh Poyarekar
2023-04-13 14:50                         ` Richard Earnshaw
2023-04-13 15:02                           ` Siddhesh Poyarekar
2023-04-13 15:05                             ` Richard Earnshaw
2023-04-13 16:42                               ` Siddhesh Poyarekar
2023-04-14  9:52                                 ` Richard Earnshaw
2023-04-14 12:43                                   ` Siddhesh Poyarekar
2023-04-14 12:49                                     ` Richard Earnshaw
2023-04-14 13:13                                       ` Siddhesh Poyarekar
2023-04-13 15:08                             ` Paul Koning
2023-04-13 16:02                               ` Siddhesh Poyarekar
2023-04-13 16:49                                 ` Paul Koning
2023-04-13 17:00                                   ` Siddhesh Poyarekar
2023-04-13 17:05                                     ` Paul Koning
2023-04-13 17:29                                       ` Siddhesh Poyarekar
2023-04-13 17:37                                         ` Paul Koning
2023-04-13 18:16                                           ` Siddhesh Poyarekar
2023-04-14 17:37                                     ` Ian Lance Taylor
2023-04-14 18:27                                       ` Siddhesh Poyarekar
2023-04-14 20:46                                         ` Ian Lance Taylor
2023-04-14 21:24                                           ` Siddhesh Poyarekar
2023-04-17 15:31                                           ` Michael Matz
2023-04-17 19:55                                             ` Ian Lance Taylor
2023-04-14 19:45                                       ` DJ Delorie
2023-04-14 20:49                                         ` Ian Lance Taylor
2023-04-15  6:41                                           ` Xi Ruoyao
2023-04-13 16:06                               ` Richard Earnshaw

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=e51f57f4-d1d0-60f1-cc1b-eb085ee74d8d@gotplt.org \
    --to=siddhesh@gotplt.org \
    --cc=Richard.Earnshaw@foss.arm.com \
    --cc=amodra@gmail.com \
    --cc=binutils@sourceware.org \
    --cc=gdb@sourceware.org \
    --cc=nickc@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).