From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp-p02.blackberry.com (smtp-p02.blackberry.com [208.65.78.89]) by sourceware.org (Postfix) with ESMTPS id 53FCA384645B for ; Wed, 3 Apr 2024 14:56:34 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 53FCA384645B Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=blackberry.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=blackberry.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 53FCA384645B Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=208.65.78.89 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1712156195; cv=none; b=vK7JlsYGO7XwvMeaY9+Tr7wSLUPP29N/ZSMBOg9C00jTZr+hcAvo2zdzr3mbeQKKVaCb8MLTOSEmbZ4p786qd6EuDECzu/uwYU2ER4jptVaYMbSCo3ycEcy29AIaTOxKXivBrybaH8iwGH3u/dg06HWpm8P13i/nJUHFe59MMHE= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1712156195; c=relaxed/simple; bh=rx9Y+1ACw7Ohy6iN3DD0rRM61UTc+K/njouujp4BbIA=; h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version; b=SwcnhWwRaCoQN/kjMzyj7W2ToH/hQAcSZBSAPM1ldymeC+RXNSrqe8sy46L00DiWyjDVzdlymTidsTRQkLCDK1KR/9YJnjxwL0lvejn1BajMrF68bDg/nydrWmU4a9DP/uLL1wItuqGNNtVUKlb0f5A6UFFVtqaKBsHecZOT0MY= ARC-Authentication-Results: i=1; server2.sourceware.org Received: from pps.filterd (mhs403ykf.rim.net [127.0.0.1]) by mhs403ykf.rim.net (8.17.1.19/8.17.1.19) with ESMTP id 4335iLuH003746 for ; Wed, 3 Apr 2024 10:56:33 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=blackberry.com; h=from : to : subject : date : message-id : references : in-reply-to : content-id : content-transfer-encoding : mime-version : content-type; s=corp19; bh=rx9Y+1ACw7Ohy6iN3DD0rRM61UTc+K/njouujp4BbIA=; b=YdmMSlGvpnlhwJKFwcl5uDehPQrWn9Ajv4XOkslc6Pf9PK1mY5DB4DldLAs87vMaPg0n 4qCiqvXOF5t1gNYyNTynWzViuSzqk5QvOdUtqyPdEPQ+MOZFGpSv0t8ns0y7DAVV5pT7 ieYM+SkOQqGWSV+lFkBBTy0qfZO1uOPrP75b8Etj19DAvUXqLoFkkV7oMmSLztysZJWF 2dRCCUn91pzNkinfR4y7bnXk/aagY8gf+TRhelA//jTZuC+g0daQOW7BdREhr9rs1NOx D+u8RtgrIfsBoucJvjKa/nHrDluAQKYp/mkITNC9EAHG8nEAgRsLwdAMkfEZd/wA8Eoa 9Q== Received: from xch213ykf.rim.net (xch213ykf.rim.net [10.12.114.213]) by mhs403ykf.rim.net (PPS) with ESMTPS id 3x6cxu2t7n-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT) for ; Wed, 03 Apr 2024 10:56:33 -0400 Received: from XCH214CNC.rim.net (10.3.27.119) by XCH213YKF.rim.net (10.12.114.213) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.34; Wed, 3 Apr 2024 10:56:33 -0400 Received: from XCH214CNC.rim.net ([fe80::956f:2cb6:9c26:7e18]) by XCH214CNC.rim.net ([fe80::956f:2cb6:9c26:7e18%4]) with mapi id 15.01.2507.034; Wed, 3 Apr 2024 10:56:33 -0400 From: Stephen Webb To: "gdb@sourceware.org" Subject: Re: Sourceware mitigating and preventing the next xz-backdoor Thread-Topic: Sourceware mitigating and preventing the next xz-backdoor Thread-Index: AQHahEZIlGlntSV+Pky2VKh0sE5cabFVqZqAgAACjACAAASjgIAAAnWAgACnEoCAAH7RgIAACNKAgAAGyQA= Date: Wed, 3 Apr 2024 14:56:33 +0000 Message-ID: References: <20240329203909.GS9427@gnu.wildebeest.org> <20240401150617.GF19478@gnu.wildebeest.org> <12215cd2-16db-4ee4-bd98-6a4bcf318592@cs.ucla.edu> <6239192ba9ff8aad0752309a54b633dc75a57c77.camel@tugraz.at> <8e877d2f-01e0-c786-dea5-265edbdc0c07@suse.de> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [100.64.197.129] Content-ID: <18A949D177DA9643B5033B7BA6C10032@rim.com> Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-04-03_15,2024-04-03_01,2023-05-22_02 Content-Type: text/plain; charset="utf-8" X-Spam-Status: No, score=-2.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_NONE,TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: T24gMjAyNC0wNC0wMyAxMDozMywgTWFydGluIFVlY2tlciB2aWEgR2RiIHdyb3RlOg0KPiBJIGFz ayBhIHZlcnkgc3BlY2lmaWMgcXVlc3Rpb246IFRvIHdoYXQgZXh0ZW5kIGlzIHRlc3RpbmcNCj4g Zm9yIGZlYXR1cmVzIGluc3RlYWQgb2Ygc2VtYW50aWMgdmVyc2lvbnMgYW5kL29yIHN1cHBvcnRl ZA0KPiBzdGFuZGFyZHMgc3RpbGwgbmVjZXNzYXJ5PyAgVGhpcyBzZWVtcyBsaWtlIGEgcHJvYmxl bWF0aWMgYXBwcm9hY2gNCj4gdGhhdMKgIG1heSBoYXZlIGJlZW4gbmVjZXNzYXJ5IGRlY2FkZXMg YWdvLCBidXQgaXQgc2VlbXMgaXQgbWF5IGJlDQo+IHRpbWUgdG8gbW92ZSBvbi4NCg0KVXNpbmcg ZmVhdHVyZSBkZXRlY3Rpb24gaXMgZW50aXJlbHkgdW5uZWNlc3NhcnkgaWYgeW91IGd1YXJhbnRl ZSB5b3UncmUgDQpvbmx5IGV2ZXJ5IGdvaW5nIHRvIHRhcmdldCBzZWxmLWhvc3RlZCBidWlsZHMg b24geDg2XzY0LWxpbnV4LWdudSANCnJ1bm5pbmcgb24gcmVjZW50IGNvbW1vZGl0eSBzZXJ2ZXIg b3IgZGVza3RvcCBoYXJkd2FyZS4NCg0KRm9yIGV2ZXJ5dGhpbmcgZWxzZSwgeWVzLCBpdCdzIGFi c29sdXRlbHkgcmVxdWlyZWQuDQoNCg0KLS0NCg0Kc213DQoNCgotLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tClRoaXMg dHJhbnNtaXNzaW9uIChpbmNsdWRpbmcgYW55IGF0dGFjaG1lbnRzKSBtYXkgY29udGFpbiBjb25m aWRlbnRpYWwgaW5mb3JtYXRpb24sIHByaXZpbGVnZWQgbWF0ZXJpYWwgKGluY2x1ZGluZyBtYXRl cmlhbCBwcm90ZWN0ZWQgYnkgdGhlIHNvbGljaXRvci1jbGllbnQgb3Igb3RoZXIgYXBwbGljYWJs ZSBwcml2aWxlZ2VzKSwgb3IgY29uc3RpdHV0ZSBub24tcHVibGljIGluZm9ybWF0aW9uLiBBbnkg dXNlIG9mIHRoaXMgaW5mb3JtYXRpb24gYnkgYW55b25lIG90aGVyIHRoYW4gdGhlIGludGVuZGVk IHJlY2lwaWVudCBpcyBwcm9oaWJpdGVkLiBJZiB5b3UgaGF2ZSByZWNlaXZlZCB0aGlzIHRyYW5z bWlzc2lvbiBpbiBlcnJvciwgcGxlYXNlIGltbWVkaWF0ZWx5IHJlcGx5IHRvIHRoZSBzZW5kZXIg YW5kIGRlbGV0ZSB0aGlzIGluZm9ybWF0aW9uIGZyb20geW91ciBzeXN0ZW0uIFVzZSwgZGlzc2Vt aW5hdGlvbiwgZGlzdHJpYnV0aW9uLCBvciByZXByb2R1Y3Rpb24gb2YgdGhpcyB0cmFuc21pc3Np b24gYnkgdW5pbnRlbmRlZCByZWNpcGllbnRzIGlzIG5vdCBhdXRob3JpemVkIGFuZCBtYXkgYmUg dW5sYXdmdWwuCg==