From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=6C9W=DZ=google.com=iant@sourceware.org>
Received: from mail-pf1-x42e.google.com (mail-pf1-x42e.google.com [IPv6:2607:f8b0:4864:20::42e])
	by sourceware.org (Postfix) with ESMTPS id D17683858D20
	for <gcc-patches@gcc.gnu.org>; Tue,  8 Aug 2023 17:36:06 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org D17683858D20
Authentication-Results: sourceware.org; dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=google.com
Received: by mail-pf1-x42e.google.com with SMTP id d2e1a72fcca58-686fc0d3c92so4050829b3a.0
        for <gcc-patches@gcc.gnu.org>; Tue, 08 Aug 2023 10:36:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20221208; t=1691516166; x=1692120966;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:from:to:cc:subject:date
         :message-id:reply-to;
        bh=Fp1FgE72BezHF7MboZIOptRSu7q/EUnFkY2RkwXeE00=;
        b=ny02ABlniYVP2d6crzJ7+4OgNkPHCJGJ33z2VGu/Rt4TRQhOplcnbeLsBaIgN2+baM
         TI+GfhDVEJnU5Gu+lXme1G0yB1cHCnjPgXCwmS8uTEDftBORZUcUX/hha3RwkwQ3Nix4
         1/HTnXF4FcCQ8wJDQNbI27cYPaFVl+CSxnuaqQVCSvOMthIl0IRyp9Pes/3JCpY2OCtf
         FEFJ1zn4sZnmcBwLo75ftbUaWwt0TspcvslXhneXvCHYYI8RdeCpRSv9rG+m49yumlrh
         u+CqQcFQ2VEhA110S7Amo8PrL2845CmN3ec5XI1o87SiidRkoEvmilHLGwZtBwE3lJoj
         uYWA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1691516166; x=1692120966;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=Fp1FgE72BezHF7MboZIOptRSu7q/EUnFkY2RkwXeE00=;
        b=bBDpckVgpWI2j1p0ekzgwSeRD0KNj+KsPR3qUU/oHL18ifo302JQAdhb6QK6RfpZeE
         OyOP1EGLTssCz7h9CndTVXbSwxe0yLc+eMvVQAyzQf4UyFP8cXW9tJjWLfLhMbeHTu0v
         Mq3cwSN5/CVyknzRWR+an4FQ8kEGED6Ym9Ugd30XcpQBEOHuXfbxfN24TY/q/Ype6Xul
         JpA3zPPSUUTmSeXMO7nvTPoqrU+cIAXiB2D3TeW6VFUUawP0voEzhosN2HkjtgGkdMlv
         UjcDQp7ucGKJdV5aFC2Cvw8BVU45thqAWcNGC42P54g0blwHCIFhPkLs64j9wZU85lDo
         5wFg==
X-Gm-Message-State: AOJu0YwMBVAGuDXdPQrIArISNowdyg8qMuoBsaRuPNiidQzJQd5B1oC2
	lIwBH7NS+BPGRESkcEyMY+YDtPeGhF2VZ+fgXRiTOw==
X-Google-Smtp-Source: AGHT+IEGTgD8tGsmTzzWxURpZ1StpcfBg9H9kFgoIp4+oe9Kwj+f1+ZVEq0D+SYJhxmRNJIlQFeQjfwvTBbeYbT/t+E=
X-Received: by 2002:a17:90a:760b:b0:267:f2f6:586b with SMTP id
 s11-20020a17090a760b00b00267f2f6586bmr218886pjk.21.1691516165568; Tue, 08 Aug
 2023 10:36:05 -0700 (PDT)
MIME-Version: 1.0
References: <CAGWvny=z1yotE-6geJL1j80qSeZU67h-ZENPowM=BSNm0nHOVA@mail.gmail.com>
 <CAFiYyc0QW53dapAXy1b8A8XnFqOypWaG2veVkruv2Fi_DyekBg@mail.gmail.com>
 <5dab0019-a28e-f6b1-c822-9217d4d2f59f@gotplt.org> <CAFiYyc3nQ3ihNvUL1-URVn74ExMPXsxcbFq5SZ6ESM5WZEK40g@mail.gmail.com>
 <ZNI8s5PRPxEE1Awe@tucnak> <CAKOQZ8zSy5f9JKv2JuDE-OgWAnY3CYO_fsvajE8BhBYKwVOQ_A@mail.gmail.com>
 <CAFiYyc2eiOX-Tw4mRPWhw86kiHNXq0LoEAAU0N1gB7EhyO493Q@mail.gmail.com>
 <ea16c3bd-8653-72d2-b7d4-8677f1a11f59@gotplt.org> <CAGWvny=7AfLUug1SSm6yeOVbbh-GwY6KFkcB_m8CMA_jgS67Rw@mail.gmail.com>
 <df2f2e29-4507-67d8-1c28-aa9416862313@gotplt.org> <ZNJTE7a5dS1+Hug0@tucnak>
In-Reply-To: <ZNJTE7a5dS1+Hug0@tucnak>
From: Ian Lance Taylor <iant@google.com>
Date: Tue, 8 Aug 2023 10:35:53 -0700
Message-ID: <CAKOQZ8zyB2MLe=-C0h=D1dLFv5d=-zPn6h2z=5twhvhqdsP=Yg@mail.gmail.com>
Subject: Re: [RFC] GCC Security policy
To: Jakub Jelinek <jakub@redhat.com>
Cc: Siddhesh Poyarekar <siddhesh@gotplt.org>, David Edelsohn <dje.gcc@gmail.com>, 
	Richard Biener <richard.guenther@gmail.com>, GCC Patches <gcc-patches@gcc.gnu.org>, 
	"Carlos O'Donell" <carlos@redhat.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Spam-Status: No, score=-16.5 required=5.0 tests=BAYES_00,DKIMWL_WL_MED,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,ENV_AND_HDR_SPF_MATCH,KAM_SHORT,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,TXREP,USER_IN_DEF_DKIM_WL,USER_IN_DEF_SPF_WL autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org
List-Id: <gcc-patches.gcc.gnu.org>

On Tue, Aug 8, 2023 at 7:37=E2=80=AFAM Jakub Jelinek <jakub@redhat.com> wro=
te:
>
> BTW, I think we should perhaps differentiate between production ready
> libraries (e.g. libgcc, libstdc++, libgomp, libatomic, libgfortran, libqu=
admath,
> libssp) vs. e.g. the sanitizer libraries which are meant for debugging an=
d
> I believe it is highly risky to run them in programs with extra priviledg=
es
> - e.g. I think they use getenv rather than *secure_getenv to get at vario=
us
> tweaks for their behavior including where logging will happen and upstrea=
m
> doesn't really care.
> And not really sure what to say about lesser used language support
> libraries, libada, libphobos, libgo, libgm2, ... nor what to say about
> libvtv etc.

libgo is a complicated case because it has a lot of components
including a web server with TLS support, so there are a lot of
potential security issues for programs that use libgo.  The upstream
security policy is https://go.dev/security/policy.  I'm not sure what
to say about libgo in GCC, since realistically the support for
security problems is best-effort.  I guess we should at least accept
security reports, even if we can't promise to fix them quickly.

Ian