From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gdb-bounces+public-inbox=simark.ca@sourceware.org>
Received: from simark.ca
	by simark.ca with LMTP
	id WvahLLtkDGZbkCAAWB0awg
	(envelope-from <gdb-bounces+public-inbox=simark.ca@sourceware.org>)
	for <public-inbox@simark.ca>; Tue, 02 Apr 2024 16:04:11 -0400
Authentication-Results: simark.ca;
	dkim=pass (2048-bit key; unprotected) header.d=cs.ucla.edu header.i=@cs.ucla.edu header.a=rsa-sha256 header.s=9D0B346E-2AEB-11ED-9476-E14B719DCE6C header.b=NEtR+Eba;
	dkim-atps=neutral
Received: by simark.ca (Postfix, from userid 112)
	id 9ACBC1E0C0; Tue,  2 Apr 2024 16:04:11 -0400 (EDT)
Received: from server2.sourceware.org (server2.sourceware.org [8.43.85.97])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (prime256v1) server-digest SHA256)
	(No client certificate requested)
	by simark.ca (Postfix) with ESMTPS id 2C59E1E030
	for <public-inbox@simark.ca>; Tue,  2 Apr 2024 16:04:09 -0400 (EDT)
Received: from server2.sourceware.org (localhost [IPv6:::1])
	by sourceware.org (Postfix) with ESMTP id 87E1C38708E3
	for <public-inbox@simark.ca>; Tue,  2 Apr 2024 20:04:08 +0000 (GMT)
Received: from mail.cs.ucla.edu (mail.cs.ucla.edu [131.179.128.66])
 by sourceware.org (Postfix) with ESMTPS id C35EA3858D28;
 Tue,  2 Apr 2024 20:03:31 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org C35EA3858D28
Authentication-Results: sourceware.org;
 dmarc=pass (p=none dis=none) header.from=cs.ucla.edu
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=cs.ucla.edu
ARC-Filter: OpenARC Filter v1.0.0 sourceware.org C35EA3858D28
Authentication-Results: server2.sourceware.org;
 arc=none smtp.remote-ip=131.179.128.66
ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1712088213; cv=none;
 b=NsDTZIHC9Rm3YoZ6moTP1Nxm7dUwAmD3ymP1LkqUsvdMt0H7Kv17VTe61GhH+ABVCVJHZhKZzL/W9bM9eOMj0PvwBYj2M66CeJL2OhSssqUjYN0805O+SbXNuHKFbZwUMCIESZFrjHd/mfa2vBjClUqFBtiufCFKfoyDqxxrHH4=
ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key;
 t=1712088213; c=relaxed/simple;
 bh=gaILQ18JLuGnj7yNXMf6txhesk5a8baFJf6ibcteMj8=;
 h=DKIM-Signature:Message-ID:Date:MIME-Version:Subject:To:From;
 b=Y3wXkZvfXCAEPWGIk6oZpiW1L3JwrlkAAE0vqxdk6d03dw/L+Nn6t6tZtsr8cwiYnx1IbVSEYzPacD+QzAVCXJIBW6+rrI5Gd39porthM4douMKaGAsu/Aq3w/WVddMcAxHse1WsYXA3MYT/w6E6fsEHE9bqNedPq7CmxIc6Yk8=
ARC-Authentication-Results: i=1; server2.sourceware.org
Received: from localhost (localhost [127.0.0.1])
 by mail.cs.ucla.edu (Postfix) with ESMTP id 24FE23C011BDB;
 Tue,  2 Apr 2024 13:03:31 -0700 (PDT)
Received: from mail.cs.ucla.edu ([127.0.0.1])
 by localhost (mail.cs.ucla.edu [127.0.0.1]) (amavis, port 10032) with ESMTP
 id qUdQRx7sh-RN; Tue,  2 Apr 2024 13:03:30 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1])
 by mail.cs.ucla.edu (Postfix) with ESMTP id C94693C011BDC;
 Tue,  2 Apr 2024 13:03:30 -0700 (PDT)
DKIM-Filter: OpenDKIM Filter v2.10.3 mail.cs.ucla.edu C94693C011BDC
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cs.ucla.edu;
 s=9D0B346E-2AEB-11ED-9476-E14B719DCE6C; t=1712088210;
 bh=RINmP4vhSxjojtnRA2RD0JK5x2AKwEt9o4aXRftF/Vo=;
 h=Message-ID:Date:MIME-Version:To:From;
 b=NEtR+EbaXbcpibpJ3HkWsZ/V/9okRzZdVDOSxn4GaoYmM1OK9R20OD74A4DuKtlR8
 +OnhdKPOUMkPjzyIn74cT7QMYIl8BMph+sHeJhCG3B8+eG2AXdT+avK14MmD93rXO4
 KPsJPk44+oh/aJaZVkKJimuK2o83/wJnIB6ciLo5vAUxt9CMlScB8L8jqRROaROJ3B
 ZHLzGqFtAzncOEY29DFOrqExtBnV1GAg/eD2dK4PmyY5XDYzaoK7NTcMbCZIMSx9Mu
 T+ymnw7t4zPD2Rkd6gRl3v6UW9HWmSLLrCRV5lOi7Ovm43mTlcOwcyJYNhgEqcUpM5
 r5aVrUYiQIlJA==
X-Virus-Scanned: amavis at mail.cs.ucla.edu
Received: from mail.cs.ucla.edu ([127.0.0.1])
 by localhost (mail.cs.ucla.edu [127.0.0.1]) (amavis, port 10026) with ESMTP
 id baIhidTIVTwA; Tue,  2 Apr 2024 13:03:30 -0700 (PDT)
Received: from [131.179.64.200] (Penguin.CS.UCLA.EDU [131.179.64.200])
 by mail.cs.ucla.edu (Postfix) with ESMTPSA id A6DA63C011BDB;
 Tue,  2 Apr 2024 13:03:30 -0700 (PDT)
Message-ID: <12215cd2-16db-4ee4-bd98-6a4bcf318592@cs.ucla.edu>
Date: Tue, 2 Apr 2024 13:03:26 -0700
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: Sourceware mitigating and preventing the next xz-backdoor
To: Sandra Loosemore <sloosemore@baylibre.com>, Mark Wielaard
 <mark@klomp.org>, overseers@sourceware.org
Cc: gcc@gcc.gnu.org, binutils@sourceware.org, gdb@sourceware.org,
 libc-alpha@sourceware.org
References: <20240329203909.GS9427@gnu.wildebeest.org>
 <20240401150617.GF19478@gnu.wildebeest.org>
 <fc3d8fe6-bfec-474d-a9ed-895067654603@baylibre.com>
Content-Language: en-US
From: Paul Eggert <eggert@cs.ucla.edu>
Organization: UCLA Computer Science Department
In-Reply-To: <fc3d8fe6-bfec-474d-a9ed-895067654603@baylibre.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, score=-3.1 required=5.0 tests=BAYES_00, DKIM_SIGNED,
 DKIM_VALID, DKIM_VALID_AU, SPF_HELO_NONE, SPF_PASS,
 TXREP autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
 server2.sourceware.org
X-BeenThere: gdb@sourceware.org
X-Mailman-Version: 2.1.30
Precedence: list
List-Id: Gdb mailing list <gdb.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/gdb>,
 <mailto:gdb-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/gdb/>
List-Post: <mailto:gdb@sourceware.org>
List-Help: <mailto:gdb-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/gdb>,
 <mailto:gdb-request@sourceware.org?subject=subscribe>
Errors-To: gdb-bounces+public-inbox=simark.ca@sourceware.org
Sender: "Gdb" <gdb-bounces+public-inbox=simark.ca@sourceware.org>

On 4/2/24 12:54, Sandra Loosemore wrote:
> Do we to harden our process, too, to require all patches to be signed 
> off by someone else before committing?

It's easy for an attacker to arrange to have "someone else" in cahoots.

Although signoffs can indeed help catch inadvertent mistakes, they're 
relatively useless against determined attacks of this form, and we must 
assume that nation-state attackers will be determined.