From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-yw1-f173.google.com (mail-yw1-f173.google.com [209.85.128.173]) by sourceware.org (Postfix) with ESMTPS id C917D3847718 for ; Wed, 3 Apr 2024 13:53:34 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org C917D3847718 Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=rtems.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=gmail.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org C917D3847718 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=209.85.128.173 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1712152415; cv=none; b=Ho0YZg1rShgJ0DazU4cekqSoKdSOHV0AdGJoOqwi3MQ+cS8gWhVY69LCRky7UO9KTM50MuGgOdkGhUCr8j7n+2IBrjrVnB3ofb4OH1VHZZEvcVYBHanYqWM/oPR4z8TWFAp6GELbtacBjXs0Mhb7aBOFmGbltEj0sgyUnqbFLtI= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1712152415; c=relaxed/simple; bh=PpebbdU44aHQ9xaKRGOFYsfLk2S4Jf9MeS4mul1uL2w=; h=MIME-Version:From:Date:Message-ID:Subject:To; b=vAcc6hT8e2g+a14aN/hwJGTQYVtsg2JFdsCoxiXrN+MC4LK4A37hMTTfCm/Cd93Haist12WBBrVwHYQ53/L2uETdUUIuH6KxOSkVMEuJisrDBR/hki6O5IIydU7+buKRM7MHMx5wP1fAACzqGEcCalL457HAaFXCvGlAlOzbXdk= ARC-Authentication-Results: i=1; server2.sourceware.org Received: by mail-yw1-f173.google.com with SMTP id 00721157ae682-6151d2489b4so21955017b3.0 for ; Wed, 03 Apr 2024 06:53:34 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712152414; x=1712757214; h=cc:to:subject:message-id:date:from:reply-to:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=qEGW8ehJdXyb0amDUbyU9uNM2r8qts/9q2fnXATA41g=; b=rMWmD82yPflW1PuppeK/rFLgYLPI7Z3dZQpKXKGFfcWmV2wR3IPLjn2KsobP/PpeVT sqBN/eAr3dc57u2d6DzE/na2QTaO+NirTsEzNhgfiiskOSAxBERDQcvWRc6g0m8vUz7y MGEMRUz57+ggGvLhpzHor3pPh4JSKIPtnEekXREcIoC5EhAxNkZhPn4JD998amt1lJmt +9McRl5jgz3/aWRNLBjG7NDu8rqagB2G9Qu/kLy30oEHvTz+7FNNXpGWxBTxI9DNLI5W pnx2kTInIhktlk1/h3CUxMyjTckzMtAZ+VKlUj8Oy5cX+bNolIpINQDV3n5MRpIojVaz eS+Q== X-Forwarded-Encrypted: i=1; AJvYcCURZFjP6J9IIozbq44PwrJ2rGfhrQhXAcY7ESCC+NWjoj+CwYX2L1cpWAboCV/pnlvmu66eknGNB5LATehqaHw= X-Gm-Message-State: AOJu0Yx4J9LVdXm2fvjCBqBvM8/NI8qxy98DLeOGeG8yoBmsO82qqyJu K75iHILJsu3nid7Xv8hCxcvqGdWbg4R5W7O8ZX7ztJOuu8UwWFbdwA4dKBYB X-Google-Smtp-Source: AGHT+IHyeAnBfG6joQ26MJ885nU4Vs1GAh+1E7uX8o/ZrC6/9UesfrCn/rzAJTMshAaGjX5Y/cOkHA== X-Received: by 2002:a81:4ecd:0:b0:615:17a7:5acb with SMTP id c196-20020a814ecd000000b0061517a75acbmr5614365ywb.18.1712152413780; Wed, 03 Apr 2024 06:53:33 -0700 (PDT) Received: from mail-yb1-f178.google.com (mail-yb1-f178.google.com. [209.85.219.178]) by smtp.gmail.com with ESMTPSA id x5-20020a81af45000000b0061456786bdcsm1177969ywj.128.2024.04.03.06.53.33 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 03 Apr 2024 06:53:33 -0700 (PDT) Received: by mail-yb1-f178.google.com with SMTP id 3f1490d57ef6-dcc71031680so5887862276.2 for ; Wed, 03 Apr 2024 06:53:33 -0700 (PDT) X-Forwarded-Encrypted: i=1; AJvYcCVFQ9KCTcDLzUngLFmRwvPBbSh6roeXDs8+9TGli9knf3oCoBFNZBU/3m598Ny2mvERbi8/vKvsvYdu8ee8fxA= X-Received: by 2002:a25:b9c4:0:b0:dc6:ff6b:71b2 with SMTP id y4-20020a25b9c4000000b00dc6ff6b71b2mr14431949ybj.4.1712152412952; Wed, 03 Apr 2024 06:53:32 -0700 (PDT) MIME-Version: 1.0 References: <20240329203909.GS9427@gnu.wildebeest.org> <20240401150617.GF19478@gnu.wildebeest.org> <077b9dd5-0df1-4384-a9d1-58e4283caf09@redhat.com> <87il0ykgw5.fsf@oldenburg.str.redhat.com> In-Reply-To: <87il0ykgw5.fsf@oldenburg.str.redhat.com> Reply-To: joel@rtems.org From: Joel Sherrill Date: Wed, 3 Apr 2024 08:53:21 -0500 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: Sourceware mitigating and preventing the next xz-backdoor To: Florian Weimer Cc: Guinevere Larsen via Overseers , Sandra Loosemore , Mark Wielaard , Guinevere Larsen , GCC , binutils , Eli Zaretskii via Gdb , libc-alpha@sourceware.org Content-Type: multipart/alternative; boundary="00000000000060318d0615318ca4" X-Spam-Status: No, score=-1011.5 required=5.0 tests=BAYES_00,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,HEADER_FROM_DIFFERENT_DOMAINS,HTML_MESSAGE,KAM_DMARC_STATUS,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS,TXREP autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: --00000000000060318d0615318ca4 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Wed, Apr 3, 2024, 3:09=E2=80=AFAM Florian Weimer via Gdb wrote: > * Guinevere Larsen via Overseers: > > > Beyond that, we (GDB) are already experimenting with approved-by, and > > I think glibc was doing the same. > > The glibc project uses Reviewed-by:, but it's completely unrelated to > this. Everyone still pushes their own patches, and there are no > technical countermeasures in place to ensure that the pushed version is > the reviewed version. > Or that there isn't "collusion" between a malicious author and reviewer. Just tagging it approved or reviewed by just gives you two people to blame. It is not a perfect solution either. But double checking and checklists are good practices. They are not foolproof if some bad actor is determined enough. --joel > Thanks, > Florian > > --00000000000060318d0615318ca4--