From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-oo1-xc29.google.com (mail-oo1-xc29.google.com [IPv6:2607:f8b0:4864:20::c29]) by sourceware.org (Postfix) with ESMTPS id 72F493882117; Tue, 9 Apr 2024 22:04:02 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 72F493882117 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=gmail.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 72F493882117 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::c29 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1712700244; cv=none; b=JVhDgPGmrIaiA2R8JnjqScwpiH2qrySUcQbp2haq6wN1r4rPmGcT87ERU2FkOgAaiKBIyrou8qwRsA0ImAAf9+/giPvGfJg4EOT1bfOnoSN3eB4ovCrCBDOYCF5XBVq2MfHmFIFrrDqgY4DGZWpWmIeNmDPTopMuFP/ADVs6pAE= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1712700244; c=relaxed/simple; bh=MujQ29fUoXxAausNONGgZ7W3iQH0xlDgOiyy6OTQsys=; h=DKIM-Signature:Message-ID:Subject:From:To:Date:MIME-Version; b=UTcYGp+ieZP8a8ZePHuPAqsbfGJqjX737ZqvP6s5JAPwz+PmUFd124pQXhIOmGctvkE1m8zkTvxvD/zKsCFeHcM37CJdeodFaswxmyBqZo5pouXn22R16Rkfck7p2sOse7vVIPL/2oDlh+b9Jr2A/8oXSAImy7KCEJRhgaJlSMs= ARC-Authentication-Results: i=1; server2.sourceware.org Received: by mail-oo1-xc29.google.com with SMTP id 006d021491bc7-5aa20adda1dso2497347eaf.1; Tue, 09 Apr 2024 15:04:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1712700242; x=1713305042; darn=sourceware.org; h=mime-version:user-agent:references:in-reply-to:date:cc:to:from :subject:message-id:from:to:cc:subject:date:message-id:reply-to; bh=MujQ29fUoXxAausNONGgZ7W3iQH0xlDgOiyy6OTQsys=; b=jFDI2drnZ/H7LCGzZOaXTu0ly9DoEAPEh2ev+ZsqksMS20FTooxu7kPMcveix+I12g lctCufVT/rG0MY18YcDyOmbJ7W5MEskriUeanfmuDthFQrBfLeqbGFoLWXA7csjb2/le 4Q+7PzJdMBtwYQXRqrfG5HY6C2AcuaE1qzc4uqO6v69ROwXFrmjMJ/EMsxIYYrt8YYe3 dMtE4yngvbezVuOBB+nKsP6b0dwP2iKq/zXYR65N1TUuwaq2+42kxLRQT1tK2zTnao5F 0AnS1JcfKeLI19Koi5JqE/WTbMiFVKMnPngEuOQQX3SNnZAj3tcQX7stpvGdQqjv3+rh F0Ig== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712700242; x=1713305042; h=mime-version:user-agent:references:in-reply-to:date:cc:to:from :subject:message-id:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=MujQ29fUoXxAausNONGgZ7W3iQH0xlDgOiyy6OTQsys=; b=MDmqHKDN/CPmushAA2+QTpSemO+9DuJWnPqOz/vcM+2HWjgedSOyhxrdtW1WBk8bR7 Ih1cu3+EHm6Ef6QSOIPPoVfpzn6ix+lPRn91XxLmZAX2uvR42/Ur6OLObgSx5y5SictB 80hwtVAGrXkhZhxD4sxc3Jv9MFvqu1d1H+udXjsX1eG59QwJHOLGdiBW8O9YtjGn+gfb eDCm+4V2S7l4rc5yWxoqJBP2XN3x3wSuPmAZ0tAK/9l8bPSgElxncpJPZpDaDyo9QSeD GBXQWF6+KGYBwt3iFSADwc4iVPbzUpE81zCKWQW5wJIqGrQTnQCgwQmMckPRAlc4rLcY XrUA== X-Forwarded-Encrypted: i=1; AJvYcCUvlIRb9SSm1gqRbHLJbscGTkj9iEVqlfWGHLrvwuK87mOU7UB2sVSy6zOhWSs1vbLz4msXqdOObi9j68KnjKcDvLq70pQPjUvKU9FgtlD5kFbCA4gzZgP6R/4nP4cu+koNJE56+PARA/kB27nUYNuxopTmRUx3kzacX3jtalG3nurqobs3OPigGNBv1s5l60s= X-Gm-Message-State: AOJu0YyIWquZsUQKjGSC7mxZg4pjEe+fUpRS7/KqFikv6q5IDSZeIKOu JUclldae8HN3Z970sl7w9vwdPuFj25JuLfH+StV94kB2iuqWsJyJ X-Google-Smtp-Source: AGHT+IG1k76dj2V0DGc0+0TpngSf5s8yF+IpCR0A5nUDLfSdB6Iaq/jipup4tyYR+F8/+E4scgKb8Q== X-Received: by 2002:a05:6820:996:b0:5aa:3860:11f8 with SMTP id cg22-20020a056820099600b005aa386011f8mr945153oob.9.1712700241631; Tue, 09 Apr 2024 15:04:01 -0700 (PDT) Received: from [10.41.6.67] ([24.75.238.76]) by smtp.gmail.com with ESMTPSA id g129-20020a4a5b87000000b005a796851f5bsm2173107oob.35.2024.04.09.15.04.00 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 Apr 2024 15:04:01 -0700 (PDT) Message-ID: <80e3a84930065d749169529d99afd7c251a5edc3.camel@gmail.com> Subject: Re: Sourceware mitigating and preventing the next xz-backdoor From: Jonathon Anderson To: Paul Eggert , noloader@gmail.com, Paul Koning Cc: Andreas Schwab , Michael Matz , Martin Uecker , Ian Lance Taylor , Sandra Loosemore , Mark Wielaard , overseers@sourceware.org, gcc@gcc.gnu.org, binutils@sourceware.org, gdb@sourceware.org, libc-alpha@sourceware.org Date: Tue, 09 Apr 2024 15:03:59 -0700 In-Reply-To: <7515b86c-f5d1-49fc-a462-8f9005bc462f@cs.ucla.edu> References: <20240329203909.GS9427@gnu.wildebeest.org> <20240401150617.GF19478@gnu.wildebeest.org> <12215cd2-16db-4ee4-bd98-6a4bcf318592@cs.ucla.edu> <6239192ba9ff8aad0752309a54b633dc75a57c77.camel@tugraz.at> <8e877d2f-01e0-c786-dea5-265edbdc0c07@suse.de> <41394737-6f2d-86e7-5742-e0a794f9f63c@suse.de> <4dd125546c920da4cc744a93f230917a7311c7fb.camel@gmail.com> <87h6gazafa.fsf@igel.home> <62A5C6AE-FE86-48EA-8E0D-E1B17959C8EA@comcast.net> <7515b86c-f5d1-49fc-a462-8f9005bc462f@cs.ucla.edu> Content-Type: multipart/alternative; boundary="=-fFyqYXvq9nl9DoLkNPQj" User-Agent: Evolution 3.46.4-2 MIME-Version: 1.0 X-Spam-Status: No, score=-1.5 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: --=-fFyqYXvq9nl9DoLkNPQj Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Tue, 2024-04-09 at 14:50 -0700, Paul Eggert wrote: > On 4/9/24 14:40, Jeffrey Walton wrote: >=20 > > Code provenance and code integrity was not enforced. Part of the > > problem is the Autotools design. It is from a bygone era. >=20 >=20 > No, Andreas is right. This isn't an Autotools-vs-Meson thing. >=20 > Most of the Autotools-based projects I help maintain would have been=20=20 > immune to this particular exploit, partly because they don't maintain=20= =20 > their own of Gnulib .m4 files. Conversely, any Meson-based project that= =20=20 > had the same sort of out-of-repository sloppiness and lack of review=20=20 > that xz had, would be vulnerable to similar attacks. Xz doesn't either, the exploit was unique to the distributed `make dist` ta= rballs. Which is an Autotools quirk present in all Autotools projects. I won't deny that a project could use Meson and be sloppy, a project could = use SSL/TLS/whatever and be completely insecure. But Autotools encourages a= nd semi-requires this sloppy behavior, and CMake and Meson strongly discour= age this behavior. -Jonathon --=-fFyqYXvq9nl9DoLkNPQj--