From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=RE+4=LO=gmail.com=anderson.jonathonm@sourceware.org>
Received: from mail-oo1-xc31.google.com (mail-oo1-xc31.google.com [IPv6:2607:f8b0:4864:20::c31])
	by sourceware.org (Postfix) with ESMTPS id 65CA33882052
	for <gcc@gcc.gnu.org>; Tue,  9 Apr 2024 22:04:02 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 65CA33882052
Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=gmail.com
ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 65CA33882052
Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::c31
ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1712700244; cv=none;
	b=esN1OGQ1oVwBqDcfmpE8qLV0TS7rvFYFRzf9c3c/fwf9d+o/r8E619+TBSUdmHF82cuLbe7ETr7U91gOWKE5XGyY2vdmGtSCducgayySOtBcKtD8B6QwT2Y9wIJZfZb/tcgFp5fvCHDwCg433AOtEm4KcH567bOX9BHSJgJUCZ8=
ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key;
	t=1712700244; c=relaxed/simple;
	bh=MujQ29fUoXxAausNONGgZ7W3iQH0xlDgOiyy6OTQsys=;
	h=DKIM-Signature:Message-ID:Subject:From:To:Date:MIME-Version; b=ejigZNaZp6D8EbBiG+zwaQKNB8x3akq48uRTWpAQIkytpjKo7vKkp/h1VW8enXfRo05Y2YUfYh/clZz444et7TIQ4PYvaDcBqYkIRJIdn6hvmBKDhpyUlqhfo28W5PTWU4wOFba6aYAA+hqxv+W1snoa8dkPIrCsJITG+UaxEUQ=
ARC-Authentication-Results: i=1; server2.sourceware.org
Received: by mail-oo1-xc31.google.com with SMTP id 006d021491bc7-5a4f608432bso4453069eaf.2
        for <gcc@gcc.gnu.org>; Tue, 09 Apr 2024 15:04:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1712700242; x=1713305042; darn=gcc.gnu.org;
        h=mime-version:user-agent:references:in-reply-to:date:cc:to:from
         :subject:message-id:from:to:cc:subject:date:message-id:reply-to;
        bh=MujQ29fUoXxAausNONGgZ7W3iQH0xlDgOiyy6OTQsys=;
        b=gLWhrlPhm8LvkBJPNS1QOkLkJBeb4waechUoS3LprT1tOqBwGbOqoNl+qJWOxzY1sK
         tUSBpTdQ5FyaBYabVx0qaPJzWyzMF3+GXFXKliKkcf3uLsWRp4oFrGFcDy7xf/ed23PK
         gjvZbjCXF+2oUDAAX8R44sE8pnjtIw0eYLkeKSKuJOY6aEdX2M/xwdJAQSGBwF/rRayl
         NOyW4YPOnAqhgzPByah+57y39EcaFE0KkMomYSksci5di6PuhY0tx6ESyP95ZfW+WEro
         cu3R0HvsxaCJRjlQ7rQMW1llKmP3EXcog+G3IWYhJKZWUzt8yPkTdQL34UjdGKIEtanJ
         a4zA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1712700242; x=1713305042;
        h=mime-version:user-agent:references:in-reply-to:date:cc:to:from
         :subject:message-id:x-gm-message-state:from:to:cc:subject:date
         :message-id:reply-to;
        bh=MujQ29fUoXxAausNONGgZ7W3iQH0xlDgOiyy6OTQsys=;
        b=S1Vll5a3TlfvHT5Gyc5EJV+MftEBPlxIw35EYYjyocwk0YZglAVlCsdpliIq4aqEc+
         VxNhcsF2HWPzcvTc2PqndBkAObW6yRcNZo89f/98ZOgIydPQTXtmKYk3QfgAVsT7ws6R
         MM8WOnUPzTLRl3Cs/09D9r0rJYxGXb3LQnZ8vIadptS8SdPOYVm0qkbSYUsMCWMuVMNR
         BslZDp9f1jPmglsrAL/q5kTOa5Ly3aQABNguw13sTTNYgvcFyNYOrM/otI9BJErAUKJb
         XmLCz1sxqL2VbW3hO4FKfM5IzR0AxoBYi4NxdaqrL/dVQB/F37eo6cfrexXrVy8kc0oe
         6xBQ==
X-Forwarded-Encrypted: i=1; AJvYcCWxV3bkMRWUa5BECJB8bjxK5QWOB7slf+qJlzB8NW/c7q0JES6LG/q9cNnbRtmTtRLhAfArWLbHO+G4z3PfBpg=
X-Gm-Message-State: AOJu0YwOuA3glerz+bUQX8wfeSedY7XWkU0zKyynxgZIYE9Hymfq4K2C
	bWCQci8Dwc7Y4zkPW4lx5GvwotvyhHCRdlB9OBCnyF7voV3tIk2h
X-Google-Smtp-Source: AGHT+IG1k76dj2V0DGc0+0TpngSf5s8yF+IpCR0A5nUDLfSdB6Iaq/jipup4tyYR+F8/+E4scgKb8Q==
X-Received: by 2002:a05:6820:996:b0:5aa:3860:11f8 with SMTP id cg22-20020a056820099600b005aa386011f8mr945153oob.9.1712700241631;
        Tue, 09 Apr 2024 15:04:01 -0700 (PDT)
Received: from [10.41.6.67] ([24.75.238.76])
        by smtp.gmail.com with ESMTPSA id g129-20020a4a5b87000000b005a796851f5bsm2173107oob.35.2024.04.09.15.04.00
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 09 Apr 2024 15:04:01 -0700 (PDT)
Message-ID: <80e3a84930065d749169529d99afd7c251a5edc3.camel@gmail.com>
Subject: Re: Sourceware mitigating and preventing the next xz-backdoor
From: Jonathon Anderson <anderson.jonathonm@gmail.com>
To: Paul Eggert <eggert@cs.ucla.edu>, noloader@gmail.com, Paul Koning
	 <paulkoning@comcast.net>
Cc: Andreas Schwab <schwab@linux-m68k.org>, Michael Matz <matz@suse.de>, 
 Martin Uecker <uecker@tugraz.at>, Ian Lance Taylor <iant@golang.org>,
 Sandra Loosemore <sloosemore@baylibre.com>,  Mark Wielaard
 <mark@klomp.org>, overseers@sourceware.org, gcc@gcc.gnu.org, 
 binutils@sourceware.org, gdb@sourceware.org, libc-alpha@sourceware.org
Date: Tue, 09 Apr 2024 15:03:59 -0700
In-Reply-To: <7515b86c-f5d1-49fc-a462-8f9005bc462f@cs.ucla.edu>
References: <20240329203909.GS9427@gnu.wildebeest.org>
	 <20240401150617.GF19478@gnu.wildebeest.org>
	 <fc3d8fe6-bfec-474d-a9ed-895067654603@baylibre.com>
	 <12215cd2-16db-4ee4-bd98-6a4bcf318592@cs.ucla.edu>
	 <FC0B14DF-0B05-4896-B70F-7D994961D5C2@comcast.net>
	 <CAKOQZ8zfgq4xyFkQSFBZpU26g7eh=nr+fiQeAWVeba68DX7DeQ@mail.gmail.com>
	 <6239192ba9ff8aad0752309a54b633dc75a57c77.camel@tugraz.at>
	 <8e877d2f-01e0-c786-dea5-265edbdc0c07@suse.de>
	 <cfa8d1d4ffddc1133e3477de31d2237e13bda2d0.camel@gmail.com>
	 <41394737-6f2d-86e7-5742-e0a794f9f63c@suse.de>
	 <4dd125546c920da4cc744a93f230917a7311c7fb.camel@gmail.com>
	 <87h6gazafa.fsf@igel.home>
	 <CAO_N0o2PfFdvwCLxqtszLi1ji=1Tr7k6F0Ec07teePz8YuyZQw@mail.gmail.com>
	 <62A5C6AE-FE86-48EA-8E0D-E1B17959C8EA@comcast.net>
	 <CAH8yC8=cXn5==_aV=2tW7jfnjrf3umKNAFT0cOgpjNBbGBru-w@mail.gmail.com>
	 <7515b86c-f5d1-49fc-a462-8f9005bc462f@cs.ucla.edu>
Content-Type: multipart/alternative; boundary="=-fFyqYXvq9nl9DoLkNPQj"
User-Agent: Evolution 3.46.4-2 
MIME-Version: 1.0
X-Spam-Status: No, score=-1.5 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,TXREP autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org
List-Id: <gcc.gcc.gnu.org>

--=-fFyqYXvq9nl9DoLkNPQj
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Tue, 2024-04-09 at 14:50 -0700, Paul Eggert wrote:
> On 4/9/24 14:40, Jeffrey Walton wrote:
>=20
> > Code provenance and code integrity was not enforced. Part of the
> > problem is the Autotools design. It is from a bygone era.
>=20
>=20
> No, Andreas is right. This isn't an Autotools-vs-Meson thing.
>=20
> Most of the Autotools-based projects I help maintain would have been=20=20
> immune to this particular exploit, partly because they don't maintain=20=
=20
> their own of Gnulib .m4 files. Conversely, any Meson-based project that=
=20=20
> had the same sort of out-of-repository sloppiness and lack of review=20=20
> that xz had, would be vulnerable to similar attacks.

Xz doesn't either, the exploit was unique to the distributed `make dist` ta=
rballs. Which is an Autotools quirk present in all Autotools projects.

I won't deny that a project could use Meson and be sloppy, a project could =
use SSL/TLS/whatever and be completely insecure. But Autotools encourages a=
nd semi-requires this sloppy behavior, and CMake and Meson strongly discour=
age this behavior.

-Jonathon

--=-fFyqYXvq9nl9DoLkNPQj--