From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=RHDe=LO=cs.ucla.edu=eggert@sourceware.org>
Received: from mail.cs.ucla.edu (mail.cs.ucla.edu [131.179.128.66])
	by sourceware.org (Postfix) with ESMTPS id 74D293858D39;
	Tue,  9 Apr 2024 21:51:07 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 74D293858D39
Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=cs.ucla.edu
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=cs.ucla.edu
ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 74D293858D39
Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=131.179.128.66
ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1712699469; cv=none;
	b=JvgMaVKGyAy7f7uXkAXlJ7MHSlNimP1B5Z3RFaKyPZfrDAEJ/+ma71DkyHFttWJ3rPlqhLiJILmkh7zlA7uHitX/yltAEIXaAtGFhMFbX5qhGEV5lXqaDyPuaEfMV5+zl1uo6UMgcAfacFzjAQt0yjA+52iHUkrTOOHKNgTzDzs=
ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key;
	t=1712699469; c=relaxed/simple;
	bh=eCOvFdWUlsM6kuwom3jwkmR3BTZSepIBrc59sVwpkP0=;
	h=DKIM-Signature:Message-ID:Date:MIME-Version:Subject:To:From; b=fH/849GYTEFjF2iUZBXjbZOdIpna2XHHbGPvBo9HwDSxXsvG8czqHnwvhv9hZc1uHIE9yVzBTPlQGzAP/Z2Kh1eXv+0NZWpXFasQLUP6yVfyk1yIUm4cYSzVKyKwD/X+fNTYip0Dm4Zj/uDuw0HXgdZetqFp5WvdTCWAtMcQijw=
ARC-Authentication-Results: i=1; server2.sourceware.org
Received: from localhost (localhost [127.0.0.1])
	by mail.cs.ucla.edu (Postfix) with ESMTP id ED6943C00F4E3;
	Tue,  9 Apr 2024 14:51:05 -0700 (PDT)
Received: from mail.cs.ucla.edu ([127.0.0.1])
 by localhost (mail.cs.ucla.edu [127.0.0.1]) (amavis, port 10032) with ESMTP
 id tl6E0H25L7WN; Tue,  9 Apr 2024 14:51:05 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1])
	by mail.cs.ucla.edu (Postfix) with ESMTP id 9D41F3C01409E;
	Tue,  9 Apr 2024 14:51:05 -0700 (PDT)
DKIM-Filter: OpenDKIM Filter v2.10.3 mail.cs.ucla.edu 9D41F3C01409E
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cs.ucla.edu;
	s=9D0B346E-2AEB-11ED-9476-E14B719DCE6C; t=1712699465;
	bh=AcrqF2z4G4zSkfjXLMd9YFHjVZNiZbcBHJTfi71nfrM=;
	h=Message-ID:Date:MIME-Version:To:From;
	b=Z6Py3XUzZF4KRi7D6kOlQTpYS6iDJhFIS++zx7xoyRyJgO9vvz/NLhCb28xZpDpzP
	 08I6QiTRGpwxTM/HQw94OGovkFNHwb0KEc96+tnQP4Yu5a3zplmv0Ja22lA7/dFlwA
	 wzBriaw0556Bbz2j/74fbyPx4S1eW+h/MaXi6m+XtBYi03SjtQaHIbSJoGhAle9a1L
	 Y6F/c/pjPgCNpYqiLtwuXGAMJAUt2HUFIQXo8nvzhZeeUo5MifvA1wO9g+WJY3M0pI
	 AxWOWo4mYKwZbzc3394ll0dNlx3XtiqUF1u1LO1R7w6I+Kwdl1XI984bdLj2Z82Brl
	 Aaru0JjwX4/QQ==
X-Virus-Scanned: amavis at mail.cs.ucla.edu
Received: from mail.cs.ucla.edu ([127.0.0.1])
 by localhost (mail.cs.ucla.edu [127.0.0.1]) (amavis, port 10026) with ESMTP
 id La9zs3q7Bvyo; Tue,  9 Apr 2024 14:51:05 -0700 (PDT)
Received: from [131.179.64.200] (Penguin.CS.UCLA.EDU [131.179.64.200])
	by mail.cs.ucla.edu (Postfix) with ESMTPSA id 531A93C00F4E3;
	Tue,  9 Apr 2024 14:51:05 -0700 (PDT)
Message-ID: <7515b86c-f5d1-49fc-a462-8f9005bc462f@cs.ucla.edu>
Date: Tue, 9 Apr 2024 14:50:52 -0700
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: Sourceware mitigating and preventing the next xz-backdoor
To: noloader@gmail.com, Paul Koning <paulkoning@comcast.net>
Cc: Jonathon Anderson <anderson.jonathonm@gmail.com>,
 Andreas Schwab <schwab@linux-m68k.org>, Michael Matz <matz@suse.de>,
 Martin Uecker <uecker@tugraz.at>, Ian Lance Taylor <iant@golang.org>,
 Sandra Loosemore <sloosemore@baylibre.com>, Mark Wielaard <mark@klomp.org>,
 overseers@sourceware.org, gcc@gcc.gnu.org, binutils@sourceware.org,
 gdb@sourceware.org, libc-alpha@sourceware.org
References: <20240329203909.GS9427@gnu.wildebeest.org>
 <20240401150617.GF19478@gnu.wildebeest.org>
 <fc3d8fe6-bfec-474d-a9ed-895067654603@baylibre.com>
 <12215cd2-16db-4ee4-bd98-6a4bcf318592@cs.ucla.edu>
 <FC0B14DF-0B05-4896-B70F-7D994961D5C2@comcast.net>
 <CAKOQZ8zfgq4xyFkQSFBZpU26g7eh=nr+fiQeAWVeba68DX7DeQ@mail.gmail.com>
 <6239192ba9ff8aad0752309a54b633dc75a57c77.camel@tugraz.at>
 <8e877d2f-01e0-c786-dea5-265edbdc0c07@suse.de>
 <cfa8d1d4ffddc1133e3477de31d2237e13bda2d0.camel@gmail.com>
 <41394737-6f2d-86e7-5742-e0a794f9f63c@suse.de>
 <4dd125546c920da4cc744a93f230917a7311c7fb.camel@gmail.com>
 <87h6gazafa.fsf@igel.home>
 <CAO_N0o2PfFdvwCLxqtszLi1ji=1Tr7k6F0Ec07teePz8YuyZQw@mail.gmail.com>
 <62A5C6AE-FE86-48EA-8E0D-E1B17959C8EA@comcast.net>
 <CAH8yC8=cXn5==_aV=2tW7jfnjrf3umKNAFT0cOgpjNBbGBru-w@mail.gmail.com>
Content-Language: en-US
From: Paul Eggert <eggert@cs.ucla.edu>
Organization: UCLA Computer Science Department
In-Reply-To: <CAH8yC8=cXn5==_aV=2tW7jfnjrf3umKNAFT0cOgpjNBbGBru-w@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, score=-3.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,SPF_HELO_NONE,SPF_PASS,TXREP autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org
List-Id: <overseers.sourceware.org>

On 4/9/24 14:40, Jeffrey Walton wrote:
> Code provenance and code integrity was not enforced. Part of the
> problem is the Autotools design. It is from a bygone era.

No, Andreas is right. This isn't an Autotools-vs-Meson thing.

Most of the Autotools-based projects I help maintain would have been 
immune to this particular exploit, partly because they don't maintain 
their own of Gnulib .m4 files. Conversely, any Meson-based project that 
had the same sort of out-of-repository sloppiness and lack of review 
that xz had, would be vulnerable to similar attacks.

> No one should be able to override a named, GNU supplied m4 macro.

That ship sailed long ago, for Autoconf and for Meson and for every 
other widely-available build tool I know of. Everyone can write and run 
their own code, whether it comes from GNU or not. That's a feature that 
developers want and need. Although this feature can be misused, it's not 
a bug per se.