From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from bumble.maple.relay.mailchannels.net (bumble.maple.relay.mailchannels.net [23.83.214.25]) by sourceware.org (Postfix) with ESMTPS id 49AE13858D32; Thu, 13 Apr 2023 04:25:49 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 49AE13858D32 Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=gotplt.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=gotplt.org X-Sender-Id: dreamhost|x-authsender|siddhesh@gotplt.org Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id 7E554341061; Thu, 13 Apr 2023 04:25:47 +0000 (UTC) Received: from pdx1-sub0-mail-a307.dreamhost.com (unknown [127.0.0.6]) (Authenticated sender: dreamhost) by relay.mailchannels.net (Postfix) with ESMTPA id 0689D341135; Thu, 13 Apr 2023 04:25:47 +0000 (UTC) ARC-Seal: i=1; s=arc-2022; d=mailchannels.net; t=1681359947; a=rsa-sha256; cv=none; b=JjpcH5sOP/xUaC1TrNMhabSPCcgiuny31ZocnwnN6eTpMa28knTPe1KTBTQlH/tMQ2Jp1N BTLOjF+C2erbz17sjDBgg874cq1IXLB7baXS1h+IUrIFLVtH+LJWpYI99TKokay1/dnhT0 t/4jFWkAKfNL/lbJwX9jnuRRabD1Vsc5ocI8tZtWbM6ujOY5v4YpB23IEK4DPvSUHk+5Og Ptfo8Bi+1u6mAXqXXZ+BxDPIRW+jpCXBVL/I2va7W0YrPpuF1s1qpN4xir5ZSnvlgpfJ8d z2YumxIx+Pf3xbVaqa8ayAmCdU7JzcjnWV6t/Rq07zQ113u7Zmcsrkzdq53jmg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=mailchannels.net; s=arc-2022; t=1681359947; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=MhyIMy6HQ/e/HtvBgUXp2gwGLZR1Cvxxjs0rP3AZPE8=; b=PHLfHRcexe4xJ4QShhSGJNoKGb72fckxoPNkFTD5TRO9C14oSezw2IJ4f6bpPXxIi64TaE kdhi8FX++dXYKAZcajcuvI5nDY9pN71eTXvgCuz4bLEPvbWwtS1YKLMR8hxTLnVDTud8CK JoEbiCP9PigTnIDxXC/6iZcKpfiqRDdNd1AsIZ93Myu+/iBHr0oFl6BKUin5ikLC3J6RkK 1ejUW6Kw3Ot6Gdrg4OdrFA1lRTTMPFh0vMZHYzR6xWyJ/uzMiDpwrEu9So95S8aCqMUrlj DcfzKFwPAyAb2VPr74Ru44htXafuOTtufoQG3OBGlbB6ksdmU8W1A3O08oouyg== ARC-Authentication-Results: i=1; rspamd-7f66b7b68c-c84j6; auth=pass smtp.auth=dreamhost smtp.mailfrom=siddhesh@gotplt.org X-Sender-Id: dreamhost|x-authsender|siddhesh@gotplt.org X-MC-Relay: Neutral X-MailChannels-SenderId: dreamhost|x-authsender|siddhesh@gotplt.org X-MailChannels-Auth-Id: dreamhost X-Reaction-Print: 2f8d95303e7a1f78_1681359947302_1825168576 X-MC-Loop-Signature: 1681359947302:562424664 X-MC-Ingress-Time: 1681359947302 Received: from pdx1-sub0-mail-a307.dreamhost.com (pop.dreamhost.com [64.90.62.162]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384) by 100.114.243.16 (trex/6.7.2); Thu, 13 Apr 2023 04:25:47 +0000 Received: from [192.168.2.12] (bras-vprn-toroon4834w-lp130-09-174-91-45-153.dsl.bell.ca [174.91.45.153]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: siddhesh@gotplt.org) by pdx1-sub0-mail-a307.dreamhost.com (Postfix) with ESMTPSA id 4Pxmj62wBvzKl; Wed, 12 Apr 2023 21:25:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gotplt.org; s=dreamhost; t=1681359946; bh=MhyIMy6HQ/e/HtvBgUXp2gwGLZR1Cvxxjs0rP3AZPE8=; h=Date:Subject:To:Cc:From:Content-Type:Content-Transfer-Encoding; b=Bp03VRJ2KnOWBR8ErEW+odQMM5d/pWXv34z8XyU8vY6k3DieYAyi8pNScZjnFsani kWNKJH9LfssgtnqNXXgiY9/u3w4BoKcLO4j4pTAi73X0a8qDDgkqgVTYgalLX5JiK/ 8o4sKr2czeVoj53vakVq+x1fsPe1eNZdXQg4+e7QVylCeBmJKI1JXcfTDrEB0nbICO CaqN3Cg14UToYDI0d3ZXtwxpc0vJ5woMPTzkEv4tQ1iyGvxuVlXalydOZAoCsQeLKD To0zw80H142mt1CUox6ODmwRQfLZtj2eyApWCI3u6PtfzCcLoUnNy/rjZs8nn0L6XE OBGc9RftjaQgQ== Message-ID: <7f76e17d-f9fc-92cb-0bc3-99cd155a1c00@gotplt.org> Date: Thu, 13 Apr 2023 00:25:45 -0400 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.9.1 Subject: Re: RFC: Adding a SECURITY.md document to the Binutils Content-Language: en-US To: Alan Modra Cc: Richard Earnshaw , Nick Clifton , Binutils , "gdb@sourceware.org" References: <1c38b926-e003-0e21-e7f1-3d5dbec2aabf@redhat.com> <5b147005-bd28-4cf9-b9e7-479ef02cb1ad@foss.arm.com> <5d044987-39eb-a060-1b2b-9d07b1515e7d@gotplt.org> <73bc480a-a927-2773-8756-50350f76dfbf@gotplt.org> From: Siddhesh Poyarekar In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-3027.4 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MEDICAL_SUBJECT,NICE_REPLY_A,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS,TXREP autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: On 2023-04-12 23:51, Alan Modra wrote: > On Wed, Apr 12, 2023 at 01:10:01PM -0400, Siddhesh Poyarekar wrote: >> OK, then how about this for the first paragraph: >> >> ~~~ >> A security bug is one that threatens the security of a system or network. >> In the context of GNU Binutils, there are two ways in which a bug could have >> security consequences. The primary method is when the tools introduce a >> vulnerability in the output file that was not present in the input files >> being processed. The other, albeit unlikely way is when a bug in the tools >> results in a privilege boundary is crossed in either the tools themselves or >> in the code they generate. >> ~~~ > > I don't see that talking about privilege boundaries is particularly > relevant. Consider this: > > It is trivially easy to craft an object file that when examined with > objdump will read your ssh private keys. That's not a bug, it's a > feature of thin archives. > > Now all you need is some means of delivering those private keys, and > I'm sure there are plenty of buffer overflows in libbfd waiting to be > exploited, especially with --enable-targets=all. That's not a crossing of privilege boundaries; ssh private keys are owned by the executing user. A crossing of privilege boundaries implies being able to do something that one wasn't previously able to do, like reading files not owned by the executing user. Sid