From: Petr Tesařík via Gdb
Reply-To: Petr Tesařík
Date: Fri, 14 Apr 2023 17:25:38 +0200
To: gdb@sourceware.org
Cc: Richard Earnshaw
Subject: Re: Threat model for GNU Binutils
Message-ID: <20230414172538.1ddee8d5@meshulam.tesarici.cz>
In-Reply-To: <5947697c-274f-58a7-af02-00618691021d@foss.arm.com>
References: <032c1307-c143-3f2c-0502-683d966f0257@foss.arm.com> <78f3e6a6-dec2-3aa2-d1b6-935d842add1e@gotplt.org> <5947697c-274f-58a7-af02-00618691021d@foss.arm.com>

On Fri, 14 Apr 2023 15:41:38 +0100 Richard Earnshaw via Gdb wrote:
> On 14/04/2023 15:08, Siddhesh Poyarekar wrote:
> > On 2023-04-14 09:12, Richard Earnshaw wrote:
> [...]
> >> 2) Code directly generated by the tools contains a vulnerability
> >>
> >>   Nature:
> >>   The vast majority of code output from the tools comes from the input
> >>   files supplied, but a small amount of 'glue' code might be needed in
> >>   some cases, for example to enable jumping to another function in
> >>   another part of the address space.  Linkers are also sometimes asked
> >>   to inject mitigations for known CPU errata when this cannot be done
> >>   during the compilation phase.
> >
> > Since you've split this one out from machine instructions, there's a
> > third category too; where binutils tools generate incorrect code for
> > alignment of sections, sizes of sections, etc.  There's also a (rare)
> > possibility of an infrequently used instruction having incorrect opcode
> > mapping, resulting in a bug being masked when dumped with objdump or
> > resulting code having undefined behaviour.
> >

I must be dumb, but isn't the biggest risk that GNU Binutils produce an
exploitable bug in the target binary?

Let me give a silly hypothetical example. If the linker places the Global
Offset Table incorrectly, so that it overlaps the stack, then I would
definitely consider it a security bug in GNU Binutils, because all input
object files were OK, but the result is not.

Just my two cents,
Petr T
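Added example, not code from this thread or from GNU Binutils: a stand-alone check of the kind the "alignment of sections, sizes of sections" category and the misplaced-GOT hypothetical above suggest. It parses the section headers of an ELF64 image and flags SHF_ALLOC sections that overlap each other or sit at an address violating their own sh_addralign. The ELF images it inspects are constructed inline by build_elf() from a hand-written layout table (section names, addresses and sizes are illustrative, not taken from any real binary), so it runs offline. Note the limitation: the stack is a runtime region with no section header, so this catches section-against-section overlap, not a GOT landing on the stack.

```python
"""Flag overlapping or misaligned SHF_ALLOC sections in an ELF64 image.

Added example for the binutils threat-model discussion; not part of GNU
Binutils.  The ELF images checked below are constructed in build_elf() from
a hand-written layout table, so the addresses and names are illustrative.
"""
import struct

SHF_WRITE = 0x1
SHF_ALLOC = 0x2
SHT_PROGBITS = 1
SHT_STRTAB = 3
EHDR_FMT = "<16sHHIQQQIHHHHHH"   # Elf64_Ehdr, little-endian, 64 bytes
SHDR_FMT = "<IIQQQQIIQQ"         # Elf64_Shdr, little-endian, 64 bytes


def build_elf(layout):
    """Construct a header-only ELF64 file from (name, addr, size, align) rows.

    The image has no program headers or code; it exists only so the checker
    can be exercised without running a real linker.
    """
    shstrtab = bytearray(b"\0")
    name_off = {}
    for name, _addr, _size, _align in layout:
        name_off[name] = len(shstrtab)
        shstrtab += name.encode() + b"\0"
    name_off[".shstrtab"] = len(shstrtab)
    shstrtab += b".shstrtab\0"

    shnum = len(layout) + 2                  # SHT_NULL + layout rows + .shstrtab
    shoff = 64 + len(shstrtab)               # section headers follow the string table
    ehdr = struct.pack(
        EHDR_FMT,
        b"\x7fELF\x02\x01\x01" + b"\0" * 9,  # ELFCLASS64, ELFDATA2LSB, EV_CURRENT
        2, 0x3E, 1,                          # ET_EXEC, EM_X86_64, e_version
        0, 0, shoff, 0,                      # e_entry, e_phoff, e_shoff, e_flags
        64, 0, 0, 64, shnum, shnum - 1,      # ehsize, phentsize, phnum, shentsize, shnum, shstrndx
    )
    shdrs = bytearray(64)                    # index 0 is the mandatory SHT_NULL entry
    for name, addr, size, align in layout:
        shdrs += struct.pack(SHDR_FMT, name_off[name], SHT_PROGBITS,
                             SHF_ALLOC | SHF_WRITE, addr, 0, size, 0, 0, align, 0)
    shdrs += struct.pack(SHDR_FMT, name_off[".shstrtab"], SHT_STRTAB,
                         0, 0, 64, len(shstrtab), 0, 0, 1, 0)
    return bytes(ehdr) + bytes(shstrtab) + bytes(shdrs)


def parse_sections(data):
    """Return one dict per section header (name, flags, addr, size, align, ...)."""
    if data[:4] != b"\x7fELF" or data[4] != 2:
        raise ValueError("not an ELF64 image")
    end = "<" if data[5] == 1 else ">"       # EI_DATA: 1 = little-endian
    (e_shoff,) = struct.unpack_from(end + "Q", data, 0x28)
    e_shentsize, e_shnum, e_shstrndx = struct.unpack_from(end + "HHH", data, 0x3A)
    sections = []
    for i in range(e_shnum):
        fields = struct.unpack_from(end + SHDR_FMT[1:], data, e_shoff + i * e_shentsize)
        name_idx, sh_type, flags, addr, offset, size, _link, _info, align, _ent = fields
        sections.append(dict(name_idx=name_idx, type=sh_type, flags=flags,
                             addr=addr, offset=offset, size=size, align=align))
    strtab = sections[e_shstrndx]["offset"]  # resolve names through .shstrtab
    for s in sections:
        start = strtab + s["name_idx"]
        s["name"] = data[start:data.index(b"\0", start)].decode()
    return sections


def check_layout(sections):
    """Report allocated, non-empty sections that overlap or are misaligned."""
    findings = []
    alloc = sorted((s for s in sections if s["flags"] & SHF_ALLOC and s["size"]),
                   key=lambda s: s["addr"])
    for s in alloc:
        if s["align"] > 1 and s["addr"] % s["align"]:
            findings.append(f"{s['name']}: addr {s['addr']:#x} violates sh_addralign {s['align']:#x}")
    # Sweep by address, remembering the section that extends furthest so far;
    # any later section starting below that end overlaps it.
    furthest = None
    for s in alloc:
        if furthest is not None and s["addr"] < furthest["addr"] + furthest["size"]:
            findings.append(f"{furthest['name']} [{furthest['addr']:#x}, "
                            f"{furthest['addr'] + furthest['size']:#x}) overlaps "
                            f"{s['name']} at {s['addr']:#x}")
        if furthest is None or s["addr"] + s["size"] > furthest["addr"] + furthest["size"]:
            furthest = s
    return findings


# Constructed layouts for illustration; not taken from any real binary.
GOOD_LAYOUT = [(".text", 0x1000, 0x200, 16), (".got", 0x3000, 0x40, 8), (".data", 0x3040, 0x100, 16)]
BAD_LAYOUT = [(".text", 0x1004, 0x200, 16),   # 0x1004 is not 16-byte aligned
              (".got", 0x3010, 0x40, 8),      # ends at 0x3050, running into .data
              (".data", 0x3040, 0x100, 16)]


def audit(layout):
    return check_layout(parse_sections(build_elf(layout)))


if __name__ == "__main__":
    for label, layout in (("good", GOOD_LAYOUT), ("bad", BAD_LAYOUT)):
        print(label, audit(layout) or ["layout OK"])
```

To run it against a real linker output, replace build_elf() with reading the file's bytes; the parser only depends on the standard Elf64_Ehdr and Elf64_Shdr layouts.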