From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=7JxI=AE=gotplt.org=siddhesh@sourceware.org>
Received: from dog.birch.relay.mailchannels.net (dog.birch.relay.mailchannels.net [23.83.209.48])
	by sourceware.org (Postfix) with ESMTPS id 5B7EA3858D32;
	Thu, 13 Apr 2023 16:42:11 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 5B7EA3858D32
Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=gotplt.org
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=gotplt.org
X-Sender-Id: dreamhost|x-authsender|siddhesh@gotplt.org
Received: from relay.mailchannels.net (localhost [127.0.0.1])
	by relay.mailchannels.net (Postfix) with ESMTP id 96284103E0C;
	Thu, 13 Apr 2023 16:42:08 +0000 (UTC)
Received: from pdx1-sub0-mail-a307.dreamhost.com (unknown [127.0.0.6])
	(Authenticated sender: dreamhost)
	by relay.mailchannels.net (Postfix) with ESMTPA id 0E5F6103BE6;
	Thu, 13 Apr 2023 16:42:08 +0000 (UTC)
ARC-Seal: i=1; s=arc-2022; d=mailchannels.net; t=1681404128; a=rsa-sha256;
	cv=none;
	b=EDYNBqUX0LP+AIux5LzZKVS45UUw+idLRwsViYqoz1tnNX3IWlQ7d3Bu+JucgdQvrTXGwY
	Oko5aDNVvtUW+0K1VC5OwJo1hlunsEMJz2B/eyjU1gM7v1byuv0wepas5/rUYuaAcdQYBC
	qCVdky839iFIzZRgURjB+yPIp0yt+I86bmpipSALHNhlDBdhMTSUVTzeFTwVBY+WSadx5D
	RCclnVLkobjTOANKruoji4ChHPomg2BsdfuVHBGMJgnSWok8lBRjiv9QUihHc/dJnUg0wN
	tFCa99E7XSLd4R6YaKGbZOdk9Dx2v+mKVm71GgmG8nnY2kbJthzzIvQxwVQ3Qw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
 d=mailchannels.net;
	s=arc-2022; t=1681404128;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:dkim-signature;
	bh=wdIpBXNdN5iJiFWPkzUY4auArvWUBE3nE5PXxi64Dho=;
	b=9sub2e+JGiCLuZo90Fqvxkj3j7Yt7lmeSmBlrGTHQWmoao/FIUjSUhSd1HjYyXdKXsYvU1
	m6mKt5fbAfj0I2dvPkWT6tHumHMQ3UzeDBXCLVtZ0+ty2GsIyPdPilr48AzMyegS0PMHrj
	lgHshBCoYGhD1hQZtS4swA1LYDs/1azVb9Y/981NxeNEqjb6hXI5cym1NqPvuFb7N3G/ln
	XAFycecRB6dJqTGLO0ftLxA9/8v5J6mdH9S2+lWElsBCGlEQdf9p0L/7C4dtWig/cQ0GAH
	56DKYd1a8/zK2BPoIywz1+XKIYp4kBlF3Yb7qkR9mAmEU3KhvOQssA8TSpTTuQ==
ARC-Authentication-Results: i=1;
	rspamd-7f66b7b68c-vbn7j;
	auth=pass smtp.auth=dreamhost smtp.mailfrom=siddhesh@gotplt.org
X-Sender-Id: dreamhost|x-authsender|siddhesh@gotplt.org
X-MC-Relay: Neutral
X-MailChannels-SenderId: dreamhost|x-authsender|siddhesh@gotplt.org
X-MailChannels-Auth-Id: dreamhost
X-Thoughtful-Harmony: 79aee55b4f279f3c_1681404128323_4275589379
X-MC-Loop-Signature: 1681404128323:2567569961
X-MC-Ingress-Time: 1681404128323
Received: from pdx1-sub0-mail-a307.dreamhost.com (pop.dreamhost.com
 [64.90.62.162])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384)
	by 100.116.217.230 (trex/6.7.2);
	Thu, 13 Apr 2023 16:42:08 +0000
Received: from [192.168.2.12] (bras-vprn-toroon4834w-lp130-09-174-91-45-153.dsl.bell.ca [174.91.45.153])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits))
	(No client certificate requested)
	(Authenticated sender: siddhesh@gotplt.org)
	by pdx1-sub0-mail-a307.dreamhost.com (Postfix) with ESMTPSA id 4Py52l25v9z5k;
	Thu, 13 Apr 2023 09:42:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gotplt.org;
	s=dreamhost; t=1681404127;
	bh=wdIpBXNdN5iJiFWPkzUY4auArvWUBE3nE5PXxi64Dho=;
	h=Date:Subject:To:Cc:From:Content-Type:Content-Transfer-Encoding;
	b=odxeouasaYrCmKrC21PiMlZzdH9Qxj9BV+Dbb5vQz+r3LqNbLDNoGH2qIMixsT/NO
	 LsJwJ4e3gmgL1K/2nZa/Bur/eARFyitbZ4m2q+MSUZEPINZiooIAURsm22LnyLqNYU
	 zi4BC1vpB8hQTCe1wW9Z94MSf8yuOjDZtbLFnX3vPl1lIxyYTR7foFbB2ledkztMgL
	 KbILdw/VTaqwEdJ02bqw3S5cvWt+L6i1PU+2pvASBKjrBS9Z5yY2DSyeDMqIFqfHmo
	 z/lwIV84HWz3GWuE7PhYlS4Kojoo27V5tO2OESSzwev1CjpDfOdNk8wQV0l4wtk4pH
	 3sa+TVycfAEgA==
Message-ID: <613a6e55-846c-9f1f-cfd0-046b52487ae3@gotplt.org>
Date: Thu, 13 Apr 2023 12:42:05 -0400
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
 Thunderbird/102.9.1
Subject: Re: RFC: Adding a SECURITY.md document to the Binutils
Content-Language: en-US
To: Richard Earnshaw <Richard.Earnshaw@foss.arm.com>,
 Nick Clifton <nickc@redhat.com>, Binutils <binutils@sourceware.org>
Cc: "gdb@sourceware.org" <gdb@sourceware.org>
References: <1c38b926-e003-0e21-e7f1-3d5dbec2aabf@redhat.com>
 <5b147005-bd28-4cf9-b9e7-479ef02cb1ad@foss.arm.com>
 <5d044987-39eb-a060-1b2b-9d07b1515e7d@gotplt.org>
 <b526c591-760e-bec1-c267-019aae0fde36@foss.arm.com>
 <73bc480a-a927-2773-8756-50350f76dfbf@gotplt.org>
 <4ed86e65-0b7f-11d4-8061-2c5d0b1e147e@foss.arm.com>
 <7b6b10f8-e480-8efa-fbb8-4fc4bf2cf356@gotplt.org>
 <eaa76d6a-84eb-fa79-5a1a-4953e02ccabc@foss.arm.com>
 <c9cc65ae-88a4-20ed-ebbe-e05ad99dc8be@gotplt.org>
 <0224757b-6b17-f82d-c0bf-c36042489f5e@foss.arm.com>
 <01e846c0-c6bf-defe-0563-1ed6309b7038@gotplt.org>
 <2d4c7f13-8a35-3ce5-1f90-ce849a690e66@foss.arm.com>
 <01b8e177-abfd-549e-768f-1995cab5c81d@gotplt.org>
 <fae638f2-333c-1e62-5df4-154c590a862e@foss.arm.com>
 <d17d09fd-a3be-1e97-2b26-01e8861c6c32@gotplt.org>
 <43912382-2d32-9fff-8dad-5c41491eb804@foss.arm.com>
From: Siddhesh Poyarekar <siddhesh@gotplt.org>
In-Reply-To: <43912382-2d32-9fff-8dad-5c41491eb804@foss.arm.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-3027.5 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MEDICAL_SUBJECT,NICE_REPLY_A,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS,TXREP autolearn=no autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org
List-Id: <gdb.sourceware.org>

On 2023-04-13 11:05, Richard Earnshaw wrote:
> On 13/04/2023 16:02, Siddhesh Poyarekar wrote:
>> On 2023-04-13 10:50, Richard Earnshaw wrote:
>>> No, whilst elf can be executed, objdump should never be doing that: 
>>> it's a tool for examining a file, not running it.  You have to have a 
>>> tool that can safely examine the contents of an elf file or you can 
>>> never verify it for issues - opening it up in emacs to examine the 
>>> contents is not the way to do that :)
>>
>> You can verify it for issues, in a sandbox.
> 
> Maybe.  But not always, it might not crash the program, but still lead 
> to issues once taken outside of the sandbox.

You don't analyze untrusted data outside of a sandbox.  Really, it's 
security 101.

>>> But all that is beside the point.  The original case I gave was a 
>>> /corrupt/ elf file that caused a buffer overrun in the objdump binary.
>>
>> ... and that's a robustness issue.  Any buffer overrun in any program 
>> could in theory be exploited to send out files.
>>
> 
> So what's your point?  These /are/ vulnerabilities in the program and 
> need to be considered security issues.

I already made my point; I agree that they are security issues but the 
security mitigation mechanism is in the environment, not the program.  I 
do not think it is in the interest of the binutils project to guarantee 
safety in analysis of untrusted programs without requisite protections 
of the environment.

Sid