From: Paul Eggert
Organization: UCLA Computer Science Department
Date: Tue, 9 Apr 2024 15:15:21 -0700
Subject: Re: Sourceware mitigating and preventing the next xz-backdoor
To: Sam James
Cc: noloader@gmail.com, Paul Koning, Jonathon Anderson, Andreas Schwab, Michael Matz, Martin Uecker, Ian Lance Taylor, Sandra Loosemore, Mark Wielaard, overseers@sourceware.org, gcc@gcc.gnu.org, binutils@sourceware.org, gdb@sourceware.org, libc-alpha@sourceware.org
Message-ID: <79d33b2f-10fe-43a9-8260-878b78bb5ed6@cs.ucla.edu>
In-Reply-To: <87y19mxkog.fsf@gentoo.org>

On 4/9/24 14:58, Sam James wrote:
> Meson doesn't allow user-defined functions

Meson has ways to execute arbitrary user-defined code, so it's not immune to this sort of exploit. It's of course better (all other things being equal) to use a build system with a smaller attack surface. However, any surface of nonzero size is attackable, so I'm not convinced that Meson is significantly safer against a determined insider.

Although the xz exploit was tricky and is now famous (hey! the front page of the New York Times!) fundamentally it was sloppy and amateurish and it succeeded only because xz's project management was even sloppier. Yes, we need to defend against amateurish attacks. But we shouldn't waste valuable developer time on defenses that won't work against obvious future attacks and that will likely cost more than they'll benefit. That's just security theater.