From: "Petr Tesařík" <petr@tesarici.cz>
To: gdb@sourceware.org
Cc: Richard Earnshaw <Richard.Earnshaw@foss.arm.com>
Subject: Re: Threat model for GNU Binutils
Date: Fri, 14 Apr 2023 17:25:38 +0200 [thread overview]
Message-ID: <20230414172538.1ddee8d5@meshulam.tesarici.cz> (raw)
In-Reply-To: <5947697c-274f-58a7-af02-00618691021d@foss.arm.com>
On Fri, 14 Apr 2023 15:41:38 +0100
Richard Earnshaw via Gdb <gdb@sourceware.org> wrote:
> On 14/04/2023 15:08, Siddhesh Poyarekar wrote:
> > On 2023-04-14 09:12, Richard Earnshaw wrote:
>[...]
> >> 2) Code directly generated by the tools contains a vulnerability
> >>
> >> Nature:
> >> The vast majority of code output from the tools comes from the input
> >> files supplied, but a small amount of 'glue' code might be needed in
> >> some cases, for example to enable jumping to another function in
> >> another part of the address space. Linkers are also sometimes asked
> >> to inject mitigations for known CPU errata when this cannot be done
> >> during the compilation phase.
> >
> > Since you've split this one out from machine instructions, there's a
> > third category too; where binutils tools generate incorrect code for
> > alignment of sections, sizes of sections, etc. There's also a (rare)
> > possibility of an infrequently used instruction having incorrect opcode
> > mapping, resulting in a bug being masked when dumped with objdump or
> > resulting code having undefined behaviour.
> >
I must be dumb, but isn't the biggest risk is that GNU Binutils produce
an exploitable bug in the target binary?
Let me give a silly hypothetical example. If the linker places Global
Offset Table incorrectly, so that it overlaps stack, then I would
definitely consider it a security bug in GNU Binutils, because all
input object files were OK, but the result is not.
Just my two cents,
Petr T
next prev parent reply other threads:[~2023-04-14 15:25 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-04-14 13:12 Richard Earnshaw
2023-04-14 14:08 ` Siddhesh Poyarekar
2023-04-14 14:41 ` Richard Earnshaw
2023-04-14 15:25 ` Petr Tesařík [this message]
2023-04-14 15:31 ` Richard Earnshaw
2023-04-14 15:50 ` Phi Debian
2023-04-14 16:45 ` Petr Tesařík
2023-04-17 16:17 ` Siddhesh Poyarekar
2023-04-17 16:22 ` Siddhesh Poyarekar
2023-04-14 15:07 ` Richard Earnshaw
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230414172538.1ddee8d5@meshulam.tesarici.cz \
--to=petr@tesarici.cz \
--cc=Richard.Earnshaw@foss.arm.com \
--cc=gdb@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).