From: Siddhesh Poyarekar
To: Paul Koning
Cc: Richard Earnshaw, Nick Clifton, Binutils, "gdb@sourceware.org"
Date: Thu, 13 Apr 2023 13:00:50 -0400
Subject: Re: RFC: Adding a SECURITY.md document to the Binutils
Message-ID: <96e2ec59-11c6-329e-18c4-bf284eb752ac@gotplt.org>

On 2023-04-13 12:49, Paul Koning wrote:
> If someone sends me an executable file, and I execute it and suffer a virus, shame on me. If someone sends me a C source file and I compile and link that BUT DO NOT EXECUTE the resulting executable, and I suffer a virus, shame on the tool.

If someone sends me a C source file and I compile and link it without inspecting it first, then definitely shame on me again. Compilers and linkers assume *trusted* input.

> I don't expect the act of compiling or linking or objdumping to compromise my system's security, any more than I expect the act of editing a text file to do so. The key point is expectation. I'm reminded of a legal rule seen, for example, in "expectation of privacy": I should assume I can be seen when walking around town, but it is valid for me to assume I'm not seen when at home in my bathroom. Similarly, I should assume my system can get attacked when I execute a program, but it is reasonable for me to assume no attack is possible when I run gcc or objdump (or hexdump or cat).

It's valid for you to assume that you're not seen when you're at home in your bathroom. However, if you take a random device someone gives you with you in your bathroom without actually checking what it does...

Anyway like I said to Richard, it's all well and good to say that binutils *should* be able to handle untrusted inputs. The reality is that it is not in a position to make that claim and the only reasonable security position the project can take is to strongly recommend either validating inputs (to make them trusted) or running the tools in a sandbox.

Sid