public inbox for gdb@sourceware.org
 help / color / mirror / Atom feed
From: Siddhesh Poyarekar <siddhesh@gotplt.org>
To: Ian Lance Taylor <iant@google.com>
Cc: Paul Koning <paulkoning@comcast.net>,
	Richard Earnshaw <Richard.Earnshaw@foss.arm.com>,
	Nick Clifton <nickc@redhat.com>,
	Binutils <binutils@sourceware.org>,
	"gdb@sourceware.org" <gdb@sourceware.org>
Subject: Re: RFC: Adding a SECURITY.md document to the Binutils
Date: Fri, 14 Apr 2023 17:24:56 -0400	[thread overview]
Message-ID: <c837b72d-cc47-3d4d-d727-a5f76e08b76c@gotplt.org> (raw)
In-Reply-To: <CAKOQZ8x4KOfVhdGrf+mgkRJ9QkDn36jUJcWWXU=NG1E3g6BDyg@mail.gmail.com>

On 2023-04-14 16:46, Ian Lance Taylor wrote:
> On Fri, Apr 14, 2023 at 11:27 AM Siddhesh Poyarekar <siddhesh@gotplt.org> wrote:
>>
>> A compiler crash, core dump, etc. is definitely a serious bug and we
>> consider them as P1/P2 in almost all cases.  However to be considered a
>> security issue, the input has to be crafted and that's where the user
>> comes in; their responsibility is to ensure that they don't build
>> untrusted code (e.g. when they're trying to study malware or virus
>> sources or binaries) outside of sandboxes.
> 
> I believe I understand what you are saying, and I don't agree.
> 
> We live in a time where free software has succeeded.  People routinely
> rely on gigantic libraries provided as source code by people across
> the Internet.  10% of the projects on GitHub are written at least
> partially in C++.  To argue that people should not even compile
> untrusted code is to speak about a world that simply does not exist
> today.  Very few people working on application level code can trust
> their entire software supply chain.
> 
> This means that software development must be secure at every level.
> We must not rely on the single layer of defense of trusting source
> code, a defense that very few people can maintain.  We must defend at
> other levels.
> 
> The binutils developers must play their own small part in this, which
> is to assemble and link code correctly, and to not make the assembler,
> linker, and related tools themselves into vectors for security issues.

I don't disagree with that as an end goal (I even suggested that in that 
previous thread last year), I think our disagreement is in how we get 
there in terms of policy, which is a result of that conversation from 
last year and from exploring how llvm and rust are handling it.

>> If as a project we decide to treat untrusted input as a valid use case,
>> it is going to shift the goalposts for binutils (and gcc, if we take the
>> same stand there). I suppose golang does try to adhere to these higher
>> standards somewhat but I am not well versed with their formal position
>> on this.  I've seen them consider bugs due to untrusted regex inputs as
>> security issues whereas even glibc currently doesn't, except for some
>> very specific conditions.
> 
> Yes, the Go project does aim to adhere to these higher standards,
> because, in my opinion, they are the correct standards.
> 
> And, honestly, these are not standards that are unusually difficult to
> meet.  Don't dump core, don't use up all of memory, don't have buffer
> overflows.  Treat failures of this sort as security bugs to be fixed
> ASAP in minor releases.  These are achievable goals.

Sure, they're achievable with adequate resources, but I'm not sure if 
the binutils project has that; that was in essence the conclusion of 
last year's conversation FWIW.  That of course is a question for the 
maintainers of the project.

Thanks,
Sid

  reply	other threads:[~2023-04-14 21:24 UTC|newest]

Thread overview: 56+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-04-07  8:42 Nick Clifton
2023-04-07 10:36 ` Eli Zaretskii
2023-04-11 13:29   ` Nick Clifton
2023-04-11 14:23     ` Simon Marchi
2023-04-11 15:00       ` Eli Zaretskii
2023-04-11 16:22         ` Nick Clifton
2023-04-11 16:32           ` Matt Rice
2023-04-11 18:18         ` J.W. Jagersma
2023-04-12  8:43           ` Nick Clifton
2023-04-08  6:30 ` Jan Beulich
2023-04-10 18:30 ` John Baldwin
2023-04-20 15:56   ` Nick Clifton
2023-04-11 19:45 ` Ian Lance Taylor
2023-04-12 16:02 ` Richard Earnshaw
2023-04-12 16:26   ` Siddhesh Poyarekar
2023-04-12 16:52     ` Richard Earnshaw
2023-04-12 16:58       ` Paul Koning
2023-04-12 17:10       ` Siddhesh Poyarekar
2023-04-13  3:51         ` Alan Modra
2023-04-13  4:25           ` Siddhesh Poyarekar
2023-04-13  5:16             ` Alan Modra
2023-04-13 12:00               ` Siddhesh Poyarekar
2023-04-13 10:25         ` Richard Earnshaw
2023-04-13 11:53           ` Siddhesh Poyarekar
2023-04-13 12:37             ` Richard Earnshaw
2023-04-13 12:54               ` Siddhesh Poyarekar
2023-04-13 13:11                 ` Richard Earnshaw
2023-04-13 13:35                   ` Siddhesh Poyarekar
2023-04-13 13:40                     ` Richard Earnshaw
2023-04-13 13:56                       ` Siddhesh Poyarekar
2023-04-13 14:50                         ` Richard Earnshaw
2023-04-13 15:02                           ` Siddhesh Poyarekar
2023-04-13 15:05                             ` Richard Earnshaw
2023-04-13 16:42                               ` Siddhesh Poyarekar
2023-04-14  9:52                                 ` Richard Earnshaw
2023-04-14 12:43                                   ` Siddhesh Poyarekar
2023-04-14 12:49                                     ` Richard Earnshaw
2023-04-14 13:13                                       ` Siddhesh Poyarekar
2023-04-13 15:08                             ` Paul Koning
2023-04-13 16:02                               ` Siddhesh Poyarekar
2023-04-13 16:49                                 ` Paul Koning
2023-04-13 17:00                                   ` Siddhesh Poyarekar
2023-04-13 17:05                                     ` Paul Koning
2023-04-13 17:29                                       ` Siddhesh Poyarekar
2023-04-13 17:37                                         ` Paul Koning
2023-04-13 18:16                                           ` Siddhesh Poyarekar
2023-04-14 17:37                                     ` Ian Lance Taylor
2023-04-14 18:27                                       ` Siddhesh Poyarekar
2023-04-14 20:46                                         ` Ian Lance Taylor
2023-04-14 21:24                                           ` Siddhesh Poyarekar [this message]
2023-04-17 15:31                                           ` Michael Matz
2023-04-17 19:55                                             ` Ian Lance Taylor
2023-04-14 19:45                                       ` DJ Delorie
2023-04-14 20:49                                         ` Ian Lance Taylor
2023-04-15  6:41                                           ` Xi Ruoyao
2023-04-13 16:06                               ` Richard Earnshaw

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=c837b72d-cc47-3d4d-d727-a5f76e08b76c@gotplt.org \
    --to=siddhesh@gotplt.org \
    --cc=Richard.Earnshaw@foss.arm.com \
    --cc=binutils@sourceware.org \
    --cc=gdb@sourceware.org \
    --cc=iant@google.com \
    --cc=nickc@redhat.com \
    --cc=paulkoning@comcast.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).