From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-yw1-f170.google.com (mail-yw1-f170.google.com [209.85.128.170]) by sourceware.org (Postfix) with ESMTPS id 9F6E43858401; Wed, 3 Apr 2024 13:53:34 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 9F6E43858401 Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=rtems.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=gmail.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 9F6E43858401 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=209.85.128.170 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1712152415; cv=none; b=Ho0YZg1rShgJ0DazU4cekqSoKdSOHV0AdGJoOqwi3MQ+cS8gWhVY69LCRky7UO9KTM50MuGgOdkGhUCr8j7n+2IBrjrVnB3ofb4OH1VHZZEvcVYBHanYqWM/oPR4z8TWFAp6GELbtacBjXs0Mhb7aBOFmGbltEj0sgyUnqbFLtI= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1712152415; c=relaxed/simple; bh=PpebbdU44aHQ9xaKRGOFYsfLk2S4Jf9MeS4mul1uL2w=; h=MIME-Version:From:Date:Message-ID:Subject:To; b=vAcc6hT8e2g+a14aN/hwJGTQYVtsg2JFdsCoxiXrN+MC4LK4A37hMTTfCm/Cd93Haist12WBBrVwHYQ53/L2uETdUUIuH6KxOSkVMEuJisrDBR/hki6O5IIydU7+buKRM7MHMx5wP1fAACzqGEcCalL457HAaFXCvGlAlOzbXdk= ARC-Authentication-Results: i=1; server2.sourceware.org Received: by mail-yw1-f170.google.com with SMTP id 00721157ae682-60a068e26d8so65112807b3.3; Wed, 03 Apr 2024 06:53:34 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712152414; x=1712757214; h=cc:to:subject:message-id:date:from:reply-to:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=qEGW8ehJdXyb0amDUbyU9uNM2r8qts/9q2fnXATA41g=; b=JzjIlwLs8dA42Zv459g3SJtYLw3UW7fuOwusMtMNQP4w6DsfyB7YpIK2pI2R23KlR9 Ekxrlgi5R1xl81GUr6zYz8UhWPcMtHISw9c2qo5TKw3dnkk+X387gQGh8NLGeSpJWaVQ dmwMPCLjcQxdy1uqzaAMT+Z1Em06YJ5+HqcjDz8P8xrKyCM/ZUeUO5DaiwJyf9bUHH6P mHbzEY1HCXmX74QCWQhib+QgSDcNaj+VgPcieWgRDukzMYZ46U47Dxt6LMY0vB3nS5p8 JXZO2BRL5su2fQBBE5ISRjn1QjoSmlSphbBKIY1FGrR1XFvPmndakJCIehFQXszlrq8p 5Erg== X-Forwarded-Encrypted: i=1; AJvYcCWyYSidM7G9Z0VnwWx8GbLUiDHidvlWBr3iRpRdyoBu/stUMWeCN/UgbTajmsXv/M9j6We6+PyT2bJ/Q3kUumEkUBJLN3Cbv2fU9yG7sUipXCoTLArzTFkxue/+IAnezxVxzwQKhEm/LhT1OcFa5xSt2TfLRAWD X-Gm-Message-State: AOJu0YzIMrjcWBMoSZvNwIzsKoN5r5e6ZPxmyjL/WPv83LAmE5uyDfWC jXUwObs7IbOL93lGoG+hCOzTF6CTwg3GO4IAU18eq2owOnjNpBqxo28KnEoI X-Google-Smtp-Source: AGHT+IFe9/dRjxuCpLYZJJXrySw3jqohu6kxg8zqNXLCiAHUM/OfNVwN4Auij/FIPFdjtYZPf3HuCg== X-Received: by 2002:a0d:fd85:0:b0:607:d285:4d7a with SMTP id n127-20020a0dfd85000000b00607d2854d7amr12935511ywf.52.1712152413687; Wed, 03 Apr 2024 06:53:33 -0700 (PDT) Received: from mail-yb1-f178.google.com (mail-yb1-f178.google.com. [209.85.219.178]) by smtp.gmail.com with ESMTPSA id q82-20020a815c55000000b006143de9a59esm2912373ywb.11.2024.04.03.06.53.33 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 03 Apr 2024 06:53:33 -0700 (PDT) Received: by mail-yb1-f178.google.com with SMTP id 3f1490d57ef6-dbed0710c74so4981174276.1; Wed, 03 Apr 2024 06:53:33 -0700 (PDT) X-Forwarded-Encrypted: i=1; AJvYcCVeXl0QDwx2xoblb/Bw6KfgyicF2+r9Zr7nDX6rRxHSRD4QRV9PrUM5PO1mo4VfPJULe30Kw4ATiHmFeV7blfUkKD3pVSjdlAVPqzoAtoZ6z4xTrM+xp+Di/gvaQsRR0lLA+bE65tgLAmhLLLC32y8YBHurdJ7h X-Received: by 2002:a25:b9c4:0:b0:dc6:ff6b:71b2 with SMTP id y4-20020a25b9c4000000b00dc6ff6b71b2mr14431949ybj.4.1712152412952; Wed, 03 Apr 2024 06:53:32 -0700 (PDT) MIME-Version: 1.0 References: <20240329203909.GS9427@gnu.wildebeest.org> <20240401150617.GF19478@gnu.wildebeest.org> <077b9dd5-0df1-4384-a9d1-58e4283caf09@redhat.com> <87il0ykgw5.fsf@oldenburg.str.redhat.com> In-Reply-To: <87il0ykgw5.fsf@oldenburg.str.redhat.com> Reply-To: joel@rtems.org From: Joel Sherrill Date: Wed, 3 Apr 2024 08:53:21 -0500 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: Sourceware mitigating and preventing the next xz-backdoor To: Florian Weimer Cc: Guinevere Larsen via Overseers , Sandra Loosemore , Mark Wielaard , Guinevere Larsen , GCC , binutils , Eli Zaretskii via Gdb , libc-alpha@sourceware.org Content-Type: multipart/alternative; boundary="00000000000060318d0615318ca4" X-Spam-Status: No, score=-3031.4 required=5.0 tests=BAYES_00,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,HEADER_FROM_DIFFERENT_DOMAINS,HTML_MESSAGE,KAM_DMARC_STATUS,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS,TXREP autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: --00000000000060318d0615318ca4 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Wed, Apr 3, 2024, 3:09=E2=80=AFAM Florian Weimer via Gdb wrote: > * Guinevere Larsen via Overseers: > > > Beyond that, we (GDB) are already experimenting with approved-by, and > > I think glibc was doing the same. > > The glibc project uses Reviewed-by:, but it's completely unrelated to > this. Everyone still pushes their own patches, and there are no > technical countermeasures in place to ensure that the pushed version is > the reviewed version. > Or that there isn't "collusion" between a malicious author and reviewer. Just tagging it approved or reviewed by just gives you two people to blame. It is not a perfect solution either. But double checking and checklists are good practices. They are not foolproof if some bad actor is determined enough. --joel > Thanks, > Florian > > --00000000000060318d0615318ca4--