From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=7JxI=AE=gotplt.org=siddhesh@sourceware.org>
Received: from boar.tulip.relay.mailchannels.net (boar.tulip.relay.mailchannels.net [23.83.218.250])
	by sourceware.org (Postfix) with ESMTPS id 500DD3858D3C;
	Thu, 13 Apr 2023 16:03:04 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 500DD3858D3C
Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=gotplt.org
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=gotplt.org
X-Sender-Id: dreamhost|x-authsender|siddhesh@gotplt.org
Received: from relay.mailchannels.net (localhost [127.0.0.1])
	by relay.mailchannels.net (Postfix) with ESMTP id A2EC32017F5;
	Thu, 13 Apr 2023 16:03:01 +0000 (UTC)
Received: from pdx1-sub0-mail-a307.dreamhost.com (unknown [127.0.0.6])
	(Authenticated sender: dreamhost)
	by relay.mailchannels.net (Postfix) with ESMTPA id 14712201B02;
	Thu, 13 Apr 2023 16:03:01 +0000 (UTC)
ARC-Seal: i=1; s=arc-2022; d=mailchannels.net; t=1681401781; a=rsa-sha256;
	cv=none;
	b=FDFaRK1tY+qAWkDmotU4y3vXlzCFIXf+4diEYpZM+FVuCr500ACWregfvbRRlfsZb4NAJD
	aD1a5uCyvp1Ml30V5FL61OnId5Us+vPKk+fRIj98BMr3m4aMebBa+T+tfrEo41BgJL/0pD
	E1sUCuluzAh/N4jGcZjLsRTR7WWhTp8zXzsReU+siEu9Z8Qn064BzT+OZdrxHOnVwSdO4k
	J1JaqIsjo5B8gJ4x+gnujezNzSQlIJvpBeLxzXF2XTpeVm/tv8+qE8Ou5J2eiOxnk+Z3MH
	9ojLBlBdPrmcnqFXB0SikLg9NctrIIopFDuCbiXDYa9hYxcQGDCkeKlSD7bY6w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
 d=mailchannels.net;
	s=arc-2022; t=1681401781;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:dkim-signature;
	bh=S0DWSePy+Dq3QqNyob9m2AUe3KBpfhwFivhFUtVtUT8=;
	b=AQQ1zfCyQw8AGzBuxKe9cQnKOlq2GC3AO+D/X//1eCRpyAm1OAsRRlUAyMmdv8KF39aIns
	0LaHveOAh4POibDQSQ+FfE5CysC8RLCnvJsnQBDHZ7Q2aLSAc/VRQWrGMS5b9yulz172Nj
	QxgSKSvrDYyyBG0AihaG4fYRnOvTIOpksU3xCMuMYz4E+IYxSU2Gyxuv71XJjleA3OAdIe
	dYjL3pN406gcfv9WbI2rXR3erqVRZQ6y0kI8rXOEiqmjJAes4g3Jwf9Gx1FsovBx+Op3bb
	Y7iB0+mfymCrE+ZUB8fT8Zfrmj+yEfg8lU/ZMmHFKGnUXn110Ho0Nl3j2cFNVQ==
ARC-Authentication-Results: i=1;
	rspamd-548d6c8f77-lxbh4;
	auth=pass smtp.auth=dreamhost smtp.mailfrom=siddhesh@gotplt.org
X-Sender-Id: dreamhost|x-authsender|siddhesh@gotplt.org
X-MC-Relay: Neutral
X-MailChannels-SenderId: dreamhost|x-authsender|siddhesh@gotplt.org
X-MailChannels-Auth-Id: dreamhost
X-Power-Celery: 510606b2119cf3c6_1681401781443_245396896
X-MC-Loop-Signature: 1681401781443:16029296
X-MC-Ingress-Time: 1681401781443
Received: from pdx1-sub0-mail-a307.dreamhost.com (pop.dreamhost.com
 [64.90.62.162])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384)
	by 100.125.42.182 (trex/6.7.2);
	Thu, 13 Apr 2023 16:03:01 +0000
Received: from [192.168.2.12] (bras-vprn-toroon4834w-lp130-09-174-91-45-153.dsl.bell.ca [174.91.45.153])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	(Authenticated sender: siddhesh@gotplt.org)
	by pdx1-sub0-mail-a307.dreamhost.com (Postfix) with ESMTPSA id 4Py49c3DgYzFN;
	Thu, 13 Apr 2023 09:03:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gotplt.org;
	s=dreamhost; t=1681401780;
	bh=S0DWSePy+Dq3QqNyob9m2AUe3KBpfhwFivhFUtVtUT8=;
	h=Date:Subject:To:Cc:From:Content-Type:Content-Transfer-Encoding;
	b=t2NvIU+Huwk6dUR2iGwhU4aqtPzzx59i9wa7S9hxxQvTH75HRyuNwY/nSA05mhJMy
	 pgSkD35Nx/dDTFzMn9f/w+/JU+9ezJORJqJxIYbYZMIqNg58V2apMKaB/KWGlioDSe
	 EXG+aA968qCiY5OxyTu/emlqx6WBQyJoQZtCd2rekLYOJpSXQCyWT4iY9Gg4X7GTCO
	 sfLy+ZxjPBM3HJIJzD2u9DMZSKWoue/sDlhdykBQ2/iDCxIEZpJqhOPq7RVxYDZNlw
	 E9HoxzI6J8g8tobHHfXDMrk/c8Wxj9kVgIy70VqgBnUdzNGAzDSrsdUqKAoTv6FQSL
	 1Zufulcuvupxg==
Message-ID: <a372dad1-5c51-df93-de11-5becf6c09e02@gotplt.org>
Date: Thu, 13 Apr 2023 12:02:58 -0400
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
 Thunderbird/102.9.1
Subject: Re: RFC: Adding a SECURITY.md document to the Binutils
Content-Language: en-US
To: Paul Koning <paulkoning@comcast.net>
Cc: Richard Earnshaw <Richard.Earnshaw@foss.arm.com>,
 Nick Clifton <nickc@redhat.com>, Binutils <binutils@sourceware.org>,
 "gdb@sourceware.org" <gdb@sourceware.org>
References: <1c38b926-e003-0e21-e7f1-3d5dbec2aabf@redhat.com>
 <5b147005-bd28-4cf9-b9e7-479ef02cb1ad@foss.arm.com>
 <5d044987-39eb-a060-1b2b-9d07b1515e7d@gotplt.org>
 <b526c591-760e-bec1-c267-019aae0fde36@foss.arm.com>
 <73bc480a-a927-2773-8756-50350f76dfbf@gotplt.org>
 <4ed86e65-0b7f-11d4-8061-2c5d0b1e147e@foss.arm.com>
 <7b6b10f8-e480-8efa-fbb8-4fc4bf2cf356@gotplt.org>
 <eaa76d6a-84eb-fa79-5a1a-4953e02ccabc@foss.arm.com>
 <c9cc65ae-88a4-20ed-ebbe-e05ad99dc8be@gotplt.org>
 <0224757b-6b17-f82d-c0bf-c36042489f5e@foss.arm.com>
 <01e846c0-c6bf-defe-0563-1ed6309b7038@gotplt.org>
 <2d4c7f13-8a35-3ce5-1f90-ce849a690e66@foss.arm.com>
 <01b8e177-abfd-549e-768f-1995cab5c81d@gotplt.org>
 <fae638f2-333c-1e62-5df4-154c590a862e@foss.arm.com>
 <d17d09fd-a3be-1e97-2b26-01e8861c6c32@gotplt.org>
 <E76CA0FA-92DC-4AD0-99D1-5A38D3FE749C@comcast.net>
From: Siddhesh Poyarekar <siddhesh@gotplt.org>
In-Reply-To: <E76CA0FA-92DC-4AD0-99D1-5A38D3FE749C@comcast.net>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, score=-3027.2 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MEDICAL_SUBJECT,NICE_REPLY_A,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,TXREP autolearn=no autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org
List-Id: <gdb.sourceware.org>

On 2023-04-13 11:08, Paul Koning wrote:
> 
> 
>> On Apr 13, 2023, at 11:02 AM, Siddhesh Poyarekar <siddhesh@gotplt.org> wrote:
>>
>> On 2023-04-13 10:50, Richard Earnshaw wrote:
>>> No, whilst elf can be executed, objdump should never be doing that: it's a tool for examining a file, not running it.  You have to have a tool that can safely examine the contents of an elf file or you can never verify it for issues - opening it up in emacs to examine the contents is not the way to do that :)
>>
>> You can verify it for issues, in a sandbox.
>>
>>> But all that is beside the point.  The original case I gave was a /corrupt/ elf file that caused a buffer overrun in the objdump binary.
>>
>> ... and that's a robustness issue.  Any buffer overrun in any program could in theory be exploited to send out files.
> 
> No.  Buffer overruns are generally recognized as security issues, precisely because they (often) can be used to produce arbitrary code execution exploits.

They're a common security exploit vector, but context matters.  If you 
have local access to a system, you can already execute arbitrary code; a 
buffer overrun itself is not going to help you do anything that you 
couldn't already do.  By letting in an untrusted file or by accepting 
inputs over a network, you're opening up a *new* vector to actually 
exploit the buffer overflow to do something you couldn't already do.

> A buiffer overrun would be merely a robustness issue if it is guaranteed to cause nothing worse than a program abort.

Context matters here too.  Over a network or under some circumstances 
with other kinds of untrusted input (such as downloaded files), a simple 
program abort will result in a DoS, which is a security issue.

Sid