From: Petr Tesařík via Gdb
Reply-To: Petr Tesařík
Date: Fri, 14 Apr 2023 18:45:13 +0200
To: Richard Earnshaw
Cc: gdb@sourceware.org
Subject: Re: Threat model for GNU Binutils
Message-ID: <20230414184513.5c82bc4a@meshulam.tesarici.cz>
In-Reply-To: <539b2e82-b084-784b-673b-b175638454f8@foss.arm.com>
References: <032c1307-c143-3f2c-0502-683d966f0257@foss.arm.com> <78f3e6a6-dec2-3aa2-d1b6-935d842add1e@gotplt.org> <5947697c-274f-58a7-af02-00618691021d@foss.arm.com> <20230414172538.1ddee8d5@meshulam.tesarici.cz> <539b2e82-b084-784b-673b-b175638454f8@foss.arm.com>
List-Id: Gdb mailing list

On Fri, 14 Apr 2023 16:31:58 +0100
Richard Earnshaw wrote:

> On 14/04/2023 16:25, Petr Tesařík wrote:
> > On Fri, 14 Apr 2023 15:41:38 +0100
> > Richard Earnshaw via Gdb wrote:
> >
> >> On 14/04/2023 15:08, Siddhesh Poyarekar wrote:
> >>> On 2023-04-14 09:12, Richard Earnshaw wrote:
> >> [...]
> >>>> 2) Code directly generated by the tools contains a vulnerability
> >>>>
> >>>>   Nature:
> >>>>   The vast majority of code output from the tools comes from the input
> >>>>   files supplied, but a small amount of 'glue' code might be needed in
> >>>>   some cases, for example to enable jumping to another function in
> >>>>   another part of the address space.  Linkers are also sometimes asked
> >>>>   to inject mitigations for known CPU errata when this cannot be done
> >>>>   during the compilation phase.
> >>>
> >>> Since you've split this one out from machine instructions, there's a
> >>> third category too; where binutils tools generate incorrect code for
> >>> alignment of sections, sizes of sections, etc.  There's also a (rare)
> >>> possibility of an infrequently used instruction having incorrect opcode
> >>> mapping, resulting in a bug being masked when dumped with objdump or
> >>> resulting code having undefined behaviour.
> >>>
> >
> > I must be dumb, but isn't the biggest risk that GNU Binutils produce
> > an exploitable bug in the target binary?
> >
> > Let me give a silly hypothetical example. If the linker places the Global
> > Offset Table incorrectly, so that it overlaps the stack, then I would
> > definitely consider it a security bug in GNU Binutils, because all
> > input object files were OK, but the result is not.
> >
> > Just my two cents,
> > Petr T
>
> This probably comes under 2) of generated output, but it could be
> more explicit. Layout bugs are also something Sid alluded to with his
> comments about alignment.

Ah. Since you wrote "code", I had the impression you considered only
machine code. I wanted to make it clear that *anything* in the output
can be potentially security-relevant.

Petr T
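The layout concern raised in this exchange (a linker placing the GOT, or any other segment, where it does not belong, or with the wrong alignment) is something a downstream consumer can check independently of the linker. The following is an added example, not code from this thread or from binutils: it parses the ELF64 header and program headers with only the Python standard library and reports overlapping PT_LOAD segments, p_vaddr/p_offset disagreeing modulo p_align, p_memsz smaller than p_filesz, and writable-plus-executable segments. The function names load_segments, check_layout and build_image, and the two sample images GOOD_IMAGE and BAD_IMAGE, are constructed for this demonstration; the "bad" image is a hand-made instance of the hypothetical misplaced-data-segment case, not a reproduction of any real linker bug.

```python
"""Layout sanity check for a linked ELF64 image.

Added example, not binutils code.  It reads only the ELF header and the
program headers with the standard library and flags layout bugs a linker
could introduce even when every input object file was fine:
  * two PT_LOAD segments whose virtual address ranges overlap
  * a PT_LOAD segment whose p_vaddr and p_offset disagree modulo p_align,
    which the loader cannot map as described
  * a PT_LOAD segment with p_memsz smaller than p_filesz
  * a PT_LOAD segment that is both writable and executable
The sample images at the bottom are constructed by hand for the demo.
"""
import struct

ELF_HDR = struct.Struct("<16sHHIQQQIHHHHHH")  # Elf64_Ehdr, little-endian, 64 bytes
PHDR = struct.Struct("<IIQQQQQQ")             # Elf64_Phdr, 56 bytes
PT_LOAD = 1
PF_X, PF_W, PF_R = 1, 2, 4


def load_segments(image: bytes) -> list:
    """Return the PT_LOAD program headers of a little-endian ELF64 image."""
    if image[:4] != b"\x7fELF" or image[4] != 2 or image[5] != 1:
        raise ValueError("not a little-endian ELF64 image")
    fields = ELF_HDR.unpack_from(image, 0)
    e_phoff, e_phentsize, e_phnum = fields[5], fields[9], fields[10]
    if e_phentsize != PHDR.size:
        raise ValueError("unexpected e_phentsize %d" % e_phentsize)
    if e_phoff + e_phnum * e_phentsize > len(image):
        raise ValueError("program header table runs past end of image")
    segs = []
    for i in range(e_phnum):
        (p_type, p_flags, p_offset, p_vaddr, _p_paddr,
         p_filesz, p_memsz, p_align) = PHDR.unpack_from(image, e_phoff + i * e_phentsize)
        if p_type == PT_LOAD:
            segs.append(dict(flags=p_flags, offset=p_offset, vaddr=p_vaddr,
                             filesz=p_filesz, memsz=p_memsz, align=p_align))
    return segs


def check_layout(segs: list) -> list:
    """Return a list of human-readable layout problems (empty means clean)."""
    issues = []
    for i, s in enumerate(segs):
        if s["memsz"] < s["filesz"]:
            issues.append(f"segment {i}: p_memsz smaller than p_filesz")
        if s["align"] > 1 and s["vaddr"] % s["align"] != s["offset"] % s["align"]:
            issues.append(f"segment {i}: p_vaddr and p_offset disagree modulo p_align")
        if s["flags"] & PF_W and s["flags"] & PF_X:
            issues.append(f"segment {i}: writable and executable")
    # Overlap: walk segments in address order, tracking the highest end seen so far.
    order = sorted(range(len(segs)), key=lambda k: segs[k]["vaddr"])
    high_end, high_idx = -1, None
    for k in order:
        if segs[k]["vaddr"] < high_end:
            issues.append(f"segments {high_idx} and {k} overlap in virtual address space")
        end = segs[k]["vaddr"] + segs[k]["memsz"]
        if end > high_end:
            high_end, high_idx = end, k
    return issues


def build_image(loads: list) -> bytes:
    """Build a minimal ELF64 image: header, then one PT_LOAD phdr per tuple
    (flags, offset, vaddr, filesz, memsz, align).  Only the headers are
    needed for these checks, so no segment contents are emitted."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8
    hdr = ELF_HDR.pack(ident, 2, 62, 1, 0x401000, ELF_HDR.size, 0, 0,
                       ELF_HDR.size, PHDR.size, len(loads), 0, 0, 0)
    phdrs = b"".join(PHDR.pack(PT_LOAD, f, off, va, va, fsz, msz, al)
                     for (f, off, va, fsz, msz, al) in loads)
    return hdr + phdrs


# Constructed samples.  GOOD mimics a conventional two-segment x86-64 layout:
# read-only text, then a writable data segment holding the GOT, each on its
# own page.  BAD is the hypothetical "linker put the data in the wrong place":
# the data segment lands inside the text page, misaligned and marked RWX.
GOOD_IMAGE = build_image([
    (PF_R | PF_X, 0x0000, 0x400000, 0x1000, 0x1000, 0x1000),
    (PF_R | PF_W, 0x1000, 0x601000, 0x0200, 0x0300, 0x1000),
])
BAD_IMAGE = build_image([
    (PF_R | PF_X,        0x0000, 0x400000, 0x1000, 0x1000, 0x1000),
    (PF_R | PF_W | PF_X, 0x1000, 0x400800, 0x0200, 0x0300, 0x1000),
])

if __name__ == "__main__":
    for name, img in (("good", GOOD_IMAGE), ("bad", BAD_IMAGE)):
        print(name, check_layout(load_segments(img)) or ["ok"])
```

To run it against a real linker output, replace the constructed images with open(path, "rb").read(); the checks deliberately use only the program headers, since that is what the kernel loader and ld.so act on, so a section-level table that looks fine but is mapped wrongly is still caught.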