From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from simark.ca by simark.ca with LMTP id 583cByP3DGbYECEAWB0awg (envelope-from ) for ; Wed, 03 Apr 2024 02:28:51 -0400 Authentication-Results: simark.ca; dkim=pass (1024-bit key; secure) header.d=sourceware.org header.i=@sourceware.org header.a=rsa-sha256 header.s=default header.b=aZ9LPrZW; dkim-atps=neutral Received: by simark.ca (Postfix, from userid 112) id 112F91E0C0; Wed, 3 Apr 2024 02:28:51 -0400 (EDT) Received: from server2.sourceware.org (server2.sourceware.org [8.43.85.97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (prime256v1) server-digest SHA256) (No client certificate requested) by simark.ca (Postfix) with ESMTPS id EDFEF1E08C for ; Wed, 3 Apr 2024 02:28:48 -0400 (EDT) Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 484EA3846402 for ; Wed, 3 Apr 2024 06:28:48 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 484EA3846402 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1712125728; bh=J2ZVN09yD+5d/+FjoBypO6i6koLVzCY0j/q+AiVil+w=; h=Subject:To:Cc:Date:In-Reply-To:References:List-Id: List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe: From:Reply-To:From; b=aZ9LPrZWnSFWiBPwdvTOGXnOgaOCkHH1IS+TSeGly9GvtwSRX68TSlV0QgNiWbgbr YHSdo6p9SqV2aKy90UPapJYzD6A4FocUIQyKQBiOEEO9QTc3U4E4U1V/GjoKDw3STX r/+HuTv82tRPs1B8FGlEtVa07lKuLRxfgyP9XAKk= Received: from mailrelay.tugraz.at (mailrelay.tugraz.at [129.27.2.202]) by sourceware.org (Postfix) with ESMTPS id 3DB09384770C; Wed, 3 Apr 2024 06:26:54 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 3DB09384770C ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 3DB09384770C ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1712125616; cv=none; b=cA5YpUOPGpgpHgdXhSORaVWiHsGlHVhTRkEqJdjJ8iTTIVqPtljbWuJNX7Q+yWNRswKi3iWHj19kA7HOMNWMspFUFeX3kKScRaXNBhEP6xCpU7hpAHDsoBkwo+7t8bTD0Jz01SipYKLCpLR+O81QTzXXAETCCQ4nB3hB5m2vedk= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1712125616; c=relaxed/simple; bh=DMZaET7PimqgNf+Vx2Nt6XvpfWlzbFvVVa38ktB77MQ=; h=DKIM-Signature:Message-ID:Subject:From:To:Date:MIME-Version; b=URbCD/gyVXxzrU3yZ6JQoZuYdlcQxJTDckTmcyjZEs69YUPUTM0lQw9OtdImXW7G2VONsQ6W7V7vALMpaHpinJePs+yv53fwyLqJ67L1UX5fd15NRL+U4wvlEY+00O1x9utTVs0vDPH1Fk44VD1G3SiYMcr1Eu7UT+8RlP7Wxb0= ARC-Authentication-Results: i=1; server2.sourceware.org Received: from [192.168.0.221] (84-115-223-216.cable.dynamic.surfer.at [84.115.223.216]) by mailrelay.tugraz.at (Postfix) with ESMTPSA id 4V8ZXS62h5z1LM0T; Wed, 3 Apr 2024 08:26:48 +0200 (CEST) DKIM-Filter: OpenDKIM Filter v2.11.0 mailrelay.tugraz.at 4V8ZXS62h5z1LM0T Message-ID: <6239192ba9ff8aad0752309a54b633dc75a57c77.camel@tugraz.at> Subject: Re: Sourceware mitigating and preventing the next xz-backdoor To: Ian Lance Taylor , Paul Koning Cc: Paul Eggert , Sandra Loosemore , Mark Wielaard , overseers@sourceware.org, gcc@gcc.gnu.org, binutils@sourceware.org, gdb@sourceware.org, libc-alpha@sourceware.org Date: Wed, 03 Apr 2024 08:26:47 +0200 In-Reply-To: References: <20240329203909.GS9427@gnu.wildebeest.org> <20240401150617.GF19478@gnu.wildebeest.org> <12215cd2-16db-4ee4-bd98-6a4bcf318592@cs.ucla.edu> Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable User-Agent: Evolution 3.46.4-2 MIME-Version: 1.0 X-TUG-Backscatter-control: G/VXY7/6zeyuAY/PU2/0qw X-Spam-Scanner: SpamAssassin 3.003001 X-Spam-Score-relay: -1.9 X-Scanned-By: MIMEDefang 2.74 on 129.27.10.116 X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, RCVD_IN_SBL_CSS, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: gdb@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Gdb mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , From: Martin Uecker via Gdb Reply-To: Martin Uecker Errors-To: gdb-bounces+public-inbox=simark.ca@sourceware.org Sender: "Gdb" Am Dienstag, dem 02.04.2024 um 13:28 -0700 schrieb Ian Lance Taylor via Gcc= : > > On Tue, Apr 2, 2024 at 1:21=E2=80=AFPM Paul Koning via Gcc wrote: > > > >=20 > > > > Would it help to require (rather than just recommend) "don't use ro= ot except for the actual 'install' step" ? > >=20 > > Seems reasonable, but note that it wouldn't make any difference to > > this attack. The liblzma library was modified to corrupt the sshd > > binary, when sshd was linked against liblzma. The actual attack > > occurred via a connection to a corrupt sshd. If sshd was running as > > root, as is normal, the attacker had root access to the machine. None > > of the attacking steps had anything to do with having root access > > while building or installing the program. There does not seem a single good solution against something like this. My take a way is that software needs to become less complex. Do=C2=A0 we really still need complex build systems such as autoconf? Are there still so many different configurations with subtle differences=C2= =A0 that every single feature needs to be tested individually by running code at build time? Martin