Date: Thu, 13 Apr 2023 14:46:10 +0930
From: Alan Modra
To: Siddhesh Poyarekar
Cc: Richard Earnshaw, Nick Clifton, Binutils, gdb@sourceware.org
Subject: Re: RFC: Adding a SECURITY.md document to the Binutils

On Thu, Apr 13, 2023 at 12:25:45AM -0400, Siddhesh Poyarekar wrote:
> On 2023-04-12 23:51, Alan Modra wrote:
> > On Wed, Apr 12, 2023 at 01:10:01PM -0400, Siddhesh Poyarekar wrote:
> > > OK, then how about this for the first paragraph:
> > >
> > > ~~~
> > > A security bug is one that threatens the security of a system or network.
> > > In the context of GNU Binutils, there are two ways in which a bug could have
> > > security consequences. The primary method is when the tools introduce a
> > > vulnerability in the output file that was not present in the input files
> > > being processed. The other, albeit unlikely way is when a bug in the tools
> > > results in a privilege boundary being crossed in either the tools themselves or
> > > in the code they generate.
> > > ~~~
> >
> > I don't see that talking about privilege boundaries is particularly
> > relevant. Consider this:
> >
> > It is trivially easy to craft an object file that when examined with
> > objdump will read your ssh private keys. That's not a bug, it's a
> > feature of thin archives.
> >
> > Now all you need is some means of delivering those private keys, and
> > I'm sure there are plenty of buffer overflows in libbfd waiting to be
> > exploited, especially with --enable-targets=all.
>
> That's not a crossing of privilege boundaries; I know.

Ah, I see. You were saying that only the very narrow case of a
privilege escalation will be considered a "security bug". Fair enough
I suppose, but that's close to the much simpler and more easily
understood: "binutils makes no claim to being secure, ergo there are
no security bugs".

-- 
Alan Modra
Australia Development Lab, IBM
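
Added example, not part of the original message and not binutils code: a pre-flight check to run before pointing objdump or another libbfd-based tool at an untrusted archive, based on the thin-archive behaviour mentioned above (a thin archive references its members by path instead of embedding them). It detects the `!<thin>` magic and flags member paths that are absolute or climb out of the archive's directory; the function names and the sample archive bytes are constructed for illustration.

```python
import posixpath

THIN_MAGIC = b"!<thin>\n"   # a regular ar archive starts with b"!<arch>\n"

def thin_members(data):
    """Return member paths referenced by a GNU thin archive, or None if not thin."""
    if not data.startswith(THIN_MAGIC):
        return None
    off, longnames, members = len(THIN_MAGIC), b"", []
    while off + 60 <= len(data):
        hdr = data[off:off + 60]                      # fixed 60-byte ar member header
        if hdr[58:60] != b"`\n":
            raise ValueError(f"bad member header at offset {off}")
        name = hdr[:16].rstrip()
        size = int(hdr[48:58].decode("ascii").strip())
        off += 60               # ordinary members have no body in a thin archive
        ref = name[1:].split(b":")[0]                 # "/N" or "/N:origin" (nested archive)
        if name in (b"/", b"/SYM64/", b"//"):
            # Symbol index and long-name table keep their data inline, even-padded.
            if name == b"//":
                longnames = data[off:off + size]
            off += size + (size & 1)
        elif name[:1] == b"/" and ref.isdigit():
            start = int(ref)                          # offset into the long-name table
            end = longnames.find(b"/\n", start)
            if end < 0:
                raise ValueError(f"unterminated long name at table offset {start}")
            members.append(longnames[start:end].decode("utf-8", "replace"))
        else:
            members.append(name.rstrip(b"/").decode("utf-8", "replace"))
    return members

def escapes_archive_dir(path):
    """True if path is absolute or normalises to a location above the archive's directory."""
    norm = posixpath.normpath(path)
    return posixpath.isabs(path) or norm == ".." or norm.startswith("../")

def _hdr(name, size):
    # name(16) mtime(12) uid(6) gid(6) mode(8) size(10) terminator(2) = 60 bytes
    return (name.ljust(16) + b"0".ljust(12) + b"0".ljust(6) + b"0".ljust(6)
            + b"644".ljust(8) + str(size).encode().ljust(10) + b"`\n")

# Constructed sample: a long-name table plus three body-less member headers.
_PATHS = [b"sub/ok.o", b"../outside/other.o", b"/abs/path/third.o"]
_TABLE = b"".join(p + b"/\n" for p in _PATHS)
SAMPLE = THIN_MAGIC + _hdr(b"//", len(_TABLE)) + _TABLE + b"\n" * (len(_TABLE) & 1)
for _p in _PATHS:
    SAMPLE += _hdr(b"/%d" % _TABLE.index(_p + b"/\n"), 1234)
```

A `None` result means the file is not a thin archive; any path for which `escapes_archive_dir` returns true is a reason to inspect the archive in an isolated directory or sandbox rather than in a home directory.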