From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mx-2023-1.gwdg.de (mx-2023-1.gwdg.de [134.76.10.21]) by sourceware.org (Postfix) with ESMTPS id 6A15B3846405; Wed, 3 Apr 2024 14:32:29 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 6A15B3846405 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=gwdg.de Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=gwdg.de ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 6A15B3846405 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=134.76.10.21 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1712154751; cv=none; b=Il5fmVU9h9DT5I1+41rq0MC6RwgNybnB66OrC8hRPiNKFuS/L3zhczrnE/+lSTRqJf7Ro1aEY/jBfhYQuBf4WCcHKdn3r5VKXY4j82aj3b8EkGmBbjch5m9U7iSfP37Cn7k+AVCQMC+8zxv4Vk38nAfmS+wCMggtw2366GUtuNI= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1712154751; c=relaxed/simple; bh=hxPPJ9KyIVy1trgSn/9O1PbFa8vOIMAyYAR8RIT+XA4=; h=DKIM-Signature:Message-ID:Subject:From:To:Date:MIME-Version; b=rnP5uIOTb5yX0vdFrjpOacyJvKtCVVlaG1rLc/UL4mpd/n+4Ne4yHLor/C82NAfv/VY/6djXeDqbg2jyd/yDB+ZZ7TbuwM99p72P4jKaxoqaEHYZrRFKXztv7XYjlFw1DpQ7vZwNjiiRultvXFZCh8AnGhAaFsYUOt7Yn0QnqAw= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gwdg.de; s=2023-rsa; h=MIME-Version:Content-Transfer-Encoding:Content-Type:References: In-Reply-To:Date:CC:To:From:Subject:Message-ID:Sender:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=fS8Bkf2oXkWvguHYfk8dHKfQHuy6/SU8XAPm0+tndWo=; b=iqajrhU81K0PgunkBOTMIEbsb+ zfugWuSLD/rFipf61V+hMSCwb0AbFVbPy6EyJ/4dXs+y+bkjTgu2sYC+2qy0G2q6CrmWNC73+vVLo oBRG7MPa5IFaPnoy0O/Qixhya/QhccF3Qm6/a4YB35lH4xWsyHT8ME8h+Z6ReSvQXCh5TwQCD7D5i lblRhrFD81nSGULibEUizRHbTzDvNNt+1GxZ2Czjkh4oqkVum4hdpCeNxriMJvmzc3wX8lz5UzmpA XtcP3CGRvvMyo17kmGH7AmQl7tOaiAzupi3s446zA7k6tbPRFUP7iSx2GOjR+Dv0/qBOjSf3ztnWV 70QC1+kg==; Received: from xmailer.gwdg.de ([134.76.10.29]:50544) by mailer.gwdg.de with esmtp (GWDG Mailer) (envelope-from ) id 1rs1ez-005ukd-1V; Wed, 03 Apr 2024 16:32:17 +0200 Received: from excmbx-29.um.gwdg.de ([134.76.9.204] helo=email.gwdg.de) by mailer.gwdg.de with esmtp (GWDG Mailer) (envelope-from ) id 1rs1ez-0007Su-0h; Wed, 03 Apr 2024 16:32:17 +0200 Received: from [192.168.0.221] (10.250.9.199) by EXCMBX-29.um.gwdg.de (134.76.9.204) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.37; Wed, 3 Apr 2024 16:32:16 +0200 Message-ID: Subject: Re: Sourceware mitigating and preventing the next xz-backdoor From: Martin Uecker To: Michael Matz CC: Ian Lance Taylor , Paul Koning , Paul Eggert , "Sandra Loosemore" , Mark Wielaard , , , , , Date: Wed, 3 Apr 2024 16:32:15 +0200 In-Reply-To: <8e877d2f-01e0-c786-dea5-265edbdc0c07@suse.de> References: <20240329203909.GS9427@gnu.wildebeest.org> <20240401150617.GF19478@gnu.wildebeest.org> <12215cd2-16db-4ee4-bd98-6a4bcf318592@cs.ucla.edu> <6239192ba9ff8aad0752309a54b633dc75a57c77.camel@tugraz.at> <8e877d2f-01e0-c786-dea5-265edbdc0c07@suse.de> Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable User-Agent: Evolution 3.46.4-2 MIME-Version: 1.0 X-Originating-IP: [10.250.9.199] X-ClientProxiedBy: MBX19-GWD-08.um.gwdg.de (10.108.142.61) To EXCMBX-29.um.gwdg.de (134.76.9.204) X-Virus-Scanned: (clean) by clamav X-Spam-Status: No, score=-2.2 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS,TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: Am Mittwoch, dem 03.04.2024 um 16:00 +0200 schrieb Michael Matz: > Hello, >=20 > On Wed, 3 Apr 2024, Martin Uecker via Gcc wrote: >=20 > > > > Seems reasonable, but note that it wouldn't make any difference to > > > > this attack. The liblzma library was modified to corrupt the sshd > > > > binary, when sshd was linked against liblzma. The actual attack > > > > occurred via a connection to a corrupt sshd. If sshd was running a= s > > > > root, as is normal, the attacker had root access to the machine. N= one > > > > of the attacking steps had anything to do with having root access > > > > while building or installing the program. > >=20 > > There does not seem a single good solution against something like this. > >=20 > > My take a way is that software needs to become less complex. Do=C2=A0 > > we really still need complex build systems such as autoconf? >=20 > Do we really need complex languages like C++ to write our software in? = =20 > SCNR :) =C2=A0 Probably not. > Complexity lies in the eye of the beholder, but to be honest in=20 > the software that we're dealing with here, the build system or autoconf= =20 > does _not_ come to mind first when thinking about complexity. The backdoor was hidden in a complicated autoconf script... >=20 > (And, FWIW, testing for features isn't "complex". And have you looked at= =20 > other build systems? I have, and none of them are less complex, just=20 > opaque in different ways from make+autotools). I ask a very specific question: To what extend is testing=C2=A0 for features instead of semantic versions and/or supported standards still necessary? This seems like a problematic approach that=C2=A0 may have been necessary decades ago, but it seems it may be time to move on. Martin