From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=RHDe=LO=cs.ucla.edu=eggert@sourceware.org>
Received: from mail.cs.ucla.edu (mail.cs.ucla.edu [131.179.128.66])
	by sourceware.org (Postfix) with ESMTPS id 546193858408;
	Tue,  9 Apr 2024 22:53:59 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 546193858408
Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=cs.ucla.edu
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=cs.ucla.edu
ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 546193858408
Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=131.179.128.66
ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1712703240; cv=none;
	b=hUvL/8iK5s2H8e7+Di0P6JziqYU9tcXd70qbLHmFrIUksuDwF6gF27OE9kfQTvaSVW3UdOWjx6Qa8V4xQ7M1Esd2K+9fG7+Z/Vy1UKLIzU9NKPcL7gkJqO+4gr2BtSlujgz/wb4mdTSnECNf6CVRCt1wqKHkrSNxAVh/c5oLUEU=
ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key;
	t=1712703240; c=relaxed/simple;
	bh=nQceeJLH1s3cRhwUAEm26gmly2cZUeIQrs1exptANy4=;
	h=DKIM-Signature:Message-ID:Date:MIME-Version:Subject:To:From; b=M6J8xI864mlISsB1E5GzL8Ka2Vf6rmqGDkdexVmDLzjVouwq/2uVZ1HX6pA73l/8KvdGR6O9IjxuXFu+oZKRZqrv3bukQkowcyFPpCZWGlJbkLbHXchUl7+5TdLeKBt9mv6aeJw39Zl/B5tOjyzvyE8JuMzMowKUrSMShxM5XzA=
ARC-Authentication-Results: i=1; server2.sourceware.org
Received: from localhost (localhost [127.0.0.1])
	by mail.cs.ucla.edu (Postfix) with ESMTP id AF35E3C00F4E2;
	Tue,  9 Apr 2024 15:53:58 -0700 (PDT)
Received: from mail.cs.ucla.edu ([127.0.0.1])
 by localhost (mail.cs.ucla.edu [127.0.0.1]) (amavis, port 10032) with ESMTP
 id Tc_0QX_-dCG0; Tue,  9 Apr 2024 15:53:58 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1])
	by mail.cs.ucla.edu (Postfix) with ESMTP id 4A8F93C00F4E3;
	Tue,  9 Apr 2024 15:53:58 -0700 (PDT)
DKIM-Filter: OpenDKIM Filter v2.10.3 mail.cs.ucla.edu 4A8F93C00F4E3
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cs.ucla.edu;
	s=9D0B346E-2AEB-11ED-9476-E14B719DCE6C; t=1712703238;
	bh=cCrI6JqbZs0bl1hFJfx8GLdKF5TZYRuIGu4IQbOS3uc=;
	h=Message-ID:Date:MIME-Version:To:From;
	b=jNOB9Qg0U7AuDsb6jjFSFfW2FhqS0NcHJDpi5npRbZuItURHNYvP5uyNqHH1i57Vc
	 H2o77jVo1Lepd0T1yAfOgNGGstM2tidk2fb1pBz2KssuTWqH/V4Kx7eCQSZGEEuaC7
	 vMmD98Tco1V0ltWWiGN2RCrD1WgVBXQTZ8CYRw603RBoCZzMR9MO3TIXBGUwfvD8cs
	 2h/CMUUd5xRLe0fTwHmOwtnZA/cck75zpP3xWE7e4jnNdFFhF8eTZeTb8nFzPA2vvy
	 WU29gcuaVbhLHrn7IAcwpiPTO0RQqwohClFFupULPVysu9lQnEvTmlu9Q/qUU9oBwR
	 za+5e6Z7NrgFg==
X-Virus-Scanned: amavis at mail.cs.ucla.edu
Received: from mail.cs.ucla.edu ([127.0.0.1])
 by localhost (mail.cs.ucla.edu [127.0.0.1]) (amavis, port 10026) with ESMTP
 id G5usMtHoux2i; Tue,  9 Apr 2024 15:53:58 -0700 (PDT)
Received: from [131.179.64.200] (Penguin.CS.UCLA.EDU [131.179.64.200])
	by mail.cs.ucla.edu (Postfix) with ESMTPSA id 04CEF3C00F4E2;
	Tue,  9 Apr 2024 15:53:58 -0700 (PDT)
Message-ID: <695a04c9-b729-4034-8e0e-1ae3fe1e8b7c@cs.ucla.edu>
Date: Tue, 9 Apr 2024 15:53:57 -0700
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: Sourceware mitigating and preventing the next xz-backdoor
To: Sam James <sam@gentoo.org>
Cc: noloader@gmail.com, Paul Koning <paulkoning@comcast.net>,
 Jonathon Anderson <anderson.jonathonm@gmail.com>,
 Andreas Schwab <schwab@linux-m68k.org>, Michael Matz <matz@suse.de>,
 Martin Uecker <uecker@tugraz.at>, Ian Lance Taylor <iant@golang.org>,
 Sandra Loosemore <sloosemore@baylibre.com>, Mark Wielaard <mark@klomp.org>,
 overseers@sourceware.org, gcc@gcc.gnu.org, binutils@sourceware.org,
 gdb@sourceware.org, libc-alpha@sourceware.org
References: <20240329203909.GS9427@gnu.wildebeest.org>
 <20240401150617.GF19478@gnu.wildebeest.org>
 <fc3d8fe6-bfec-474d-a9ed-895067654603@baylibre.com>
 <12215cd2-16db-4ee4-bd98-6a4bcf318592@cs.ucla.edu>
 <FC0B14DF-0B05-4896-B70F-7D994961D5C2@comcast.net>
 <CAKOQZ8zfgq4xyFkQSFBZpU26g7eh=nr+fiQeAWVeba68DX7DeQ@mail.gmail.com>
 <6239192ba9ff8aad0752309a54b633dc75a57c77.camel@tugraz.at>
 <8e877d2f-01e0-c786-dea5-265edbdc0c07@suse.de>
 <cfa8d1d4ffddc1133e3477de31d2237e13bda2d0.camel@gmail.com>
 <41394737-6f2d-86e7-5742-e0a794f9f63c@suse.de>
 <4dd125546c920da4cc744a93f230917a7311c7fb.camel@gmail.com>
 <87h6gazafa.fsf@igel.home>
 <CAO_N0o2PfFdvwCLxqtszLi1ji=1Tr7k6F0Ec07teePz8YuyZQw@mail.gmail.com>
 <62A5C6AE-FE86-48EA-8E0D-E1B17959C8EA@comcast.net>
 <CAH8yC8=cXn5==_aV=2tW7jfnjrf3umKNAFT0cOgpjNBbGBru-w@mail.gmail.com>
 <7515b86c-f5d1-49fc-a462-8f9005bc462f@cs.ucla.edu>
 <87y19mxkog.fsf@gentoo.org>
 <79d33b2f-10fe-43a9-8260-878b78bb5ed6@cs.ucla.edu>
 <87zfu2w508.fsf@gentoo.org>
Content-Language: en-US
From: Paul Eggert <eggert@cs.ucla.edu>
Organization: UCLA Computer Science Department
In-Reply-To: <87zfu2w508.fsf@gentoo.org>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, score=-3.0 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,SPF_HELO_NONE,SPF_PASS,TXREP autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org
List-Id: <overseers.sourceware.org>

On 4/9/24 15:22, Sam James wrote:
> Paul Eggert <eggert@cs.ucla.edu> writes:
> 
>> On 4/9/24 14:58, Sam James wrote:
>>> Meson doesn't allow user-defined functions
>> Meson has ways to execute arbitrary user-defined code, so it's not
>> immune to this sort of exploit.
> To be clear - not saying it's immune.

Sure, but someone who's not expert in Meson could easily misread "Meson 
doesn't allow user-defined functions" and think that this means Meson is 
immune to an xz-style attack, which it's not.

> Just that it scopes the
> user-defined code part to clearly defined sections.

As does Autoconf. To a determined attacker I daresay there's not much 
difference.

> I think it makes sense to optimise for ease of review.

Ease of review definitely a good thing, all other things being equal.

> It's just easy to go too far the other
> way too and not change anything

I'm certainly not advocating that! All I'm saying is that we should use 
our limited development resources wisely.