Date: Thu, 13 Apr 2023 13:21:14 +0930
From: Alan Modra
To: Siddhesh Poyarekar
Cc: Richard Earnshaw, Nick Clifton, Binutils, "gdb@sourceware.org"
Subject: Re: RFC: Adding a SECURITY.md document to the Binutils

On Wed, Apr 12, 2023 at 01:10:01PM -0400, Siddhesh Poyarekar wrote:
> OK, then how about this for the first paragraph:
>
> ~~~
> A security bug is one that threatens the security of a system or network.
> In the context of GNU Binutils, there are two ways in which a bug could have
> security consequences. The primary method is when the tools introduce a
> vulnerability in the output file that was not present in the input files
> being processed. The other, albeit unlikely, way is when a bug in the tools
> results in a privilege boundary being crossed in either the tools themselves or
> in the code they generate.
> ~~~

I don't see that talking about privilege boundaries is particularly
relevant. Consider this: It is trivially easy to craft an object file
that when examined with objdump will read your ssh private keys.
That's not a bug, it's a feature of thin archives. Now all you need
is some means of delivering those private keys, and I'm sure there are
plenty of buffer overflows in libbfd waiting to be exploited,
especially with --enable-targets=all.

-- 
Alan Modra
Australia Development Lab, IBM
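The thin-archive behaviour mentioned in the message above can be checked for before an untrusted file is handed to objdump. The following is an added example, not code from this thread or from Binutils: it lists the external paths a thin archive refers to and flags those outside the archive's own directory. The function names are hypothetical, the sample bytes are constructed, and the layout assumed is the GNU ar format (60-byte member headers, a "//" long-name table, no inline data for regular thin members).

```python
import posixpath

THIN_MAGIC = b"!<thin>\n"   # GNU thin archive; a regular archive starts with b"!<arch>\n"
HDR_LEN = 60                # name[16] date[12] uid[6] gid[6] mode[8] size[10] fmag[2]

def thin_members(data):
    """Return the external paths a GNU thin archive refers to ([] if not thin)."""
    if not data.startswith(THIN_MAGIC):
        return []
    names, longtab, pos = [], b"", len(THIN_MAGIC)
    while pos + HDR_LEN <= len(data):
        hdr = data[pos:pos + HDR_LEN]
        if hdr[58:60] != b"`\n":
            raise ValueError("bad member header at offset %d" % pos)
        name = hdr[:16].rstrip(b" ")
        size = int(hdr[48:58].decode("ascii").strip() or "0")
        pos += HDR_LEN
        if name in (b"/", b"/SYM64/", b"//"):
            # Symbol and long-name tables are the only members stored inline.
            if name == b"//":
                longtab = data[pos:pos + size]
            pos += size + (size & 1)          # data is padded to an even offset
        elif name.startswith(b"/"):
            # "/<offset>" points into the long-name table; entries end with "/\n".
            off = int(name[1:])
            end = longtab.find(b"/\n", off)
            names.append(longtab[off:end if end != -1 else len(longtab)].decode())
        else:
            names.append(name.rstrip(b"/").decode())   # short name stored as "name/"
    return names

def escaping_members(data):
    """Members whose path is absolute or climbs out of the archive's directory."""
    bad = []
    for n in thin_members(data):
        norm = posixpath.normpath(n)
        if posixpath.isabs(norm) or norm == ".." or norm.startswith("../"):
            bad.append(n)
    return bad

def _hdr(name, size):   # builds the constructed sample input, not a real archive
    return b"%-16s%-12d%-6d%-6d%-8s%-10d`\n" % (name, 0, 0, 0, b"644", size)

_TAB = b"../outside/member.o/\n/abs/path/other.o/\n"
SAMPLE = (THIN_MAGIC + _hdr(b"//", len(_TAB)) + _TAB
          + _hdr(b"local.o/", 10) + _hdr(b"/0", 10) + _hdr(b"/21", 10))
```

A non-empty result from `escaping_members` means inspecting the archive would open files outside its directory, so such input is better examined in a sandbox or rejected.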