From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from simark.ca by simark.ca with LMTP id KNlBO2FhDWZrfyEAWB0awg (envelope-from ) for ; Wed, 03 Apr 2024 10:02:09 -0400 Authentication-Results: simark.ca; dkim=pass (1024-bit key; secure) header.d=sourceware.org header.i=@sourceware.org header.a=rsa-sha256 header.s=default header.b=QnSaxMLz; dkim-atps=neutral Received: by simark.ca (Postfix, from userid 112) id E61C81E0C0; Wed, 3 Apr 2024 10:02:09 -0400 (EDT) Received: from server2.sourceware.org (server2.sourceware.org [8.43.85.97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (prime256v1) server-digest SHA256) (No client certificate requested) by simark.ca (Postfix) with ESMTPS id D32741E030 for ; Wed, 3 Apr 2024 10:02:07 -0400 (EDT) Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id E31F4386F41E for ; Wed, 3 Apr 2024 14:02:06 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org E31F4386F41E DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1712152926; bh=uVrudPsePX+xY73vmdHDBF+PNpp4Si6aJE4+V57mnTo=; h=Date:To:cc:Subject:In-Reply-To:References:List-Id: List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe: From:Reply-To:From; b=QnSaxMLzpZNQmqmgUDpTdmWjKu7kovNI94iRTBg2An8+ZCLJL9z3PaqJIr4cEb6MU x4Po9CA+jgUsrd5VsUb8WBQ5RuJQj9JO6VWHarruRFB0RH/sEZl29KrjmQ3R8C/AF5 Lzw4faVELqGqr4ga6vbsYoluV1gsdXV6+LD+gO2s= Received: from smtp-out1.suse.de (smtp-out1.suse.de [IPv6:2a07:de40:b251:101:10:150:64:1]) by sourceware.org (Postfix) with ESMTPS id F067C3858401; Wed, 3 Apr 2024 14:01:12 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org F067C3858401 ARC-Filter: OpenARC Filter v1.0.0 sourceware.org F067C3858401 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1712152874; cv=none; b=cXaGOGDG2C8+ex2jdCZMr+o3yDzJrmpEVWX74DYTv4ZPn6Hvs67CEUrmrYUdcF0bPCvf5jZKN5VU+5PqbFvEsrQXo/yd88AKGGmfV6C6kyTeWmRygL+TRBc4geP0CsEyqAvbNeR1LdXDYswORFgFABpUGCWYgPKCVTgoJ4Dmhc4= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1712152874; c=relaxed/simple; bh=XBHHi4uo1PujU8PlaalJHPHSa3WonjrJTDdVhTsIzGA=; h=DKIM-Signature:DKIM-Signature:Date:From:To:Subject:Message-ID: MIME-Version; b=mLXYhV0HqYWOxtaGBkltG2BJNQlEYVjAjG4N5QZZPvnh2xB1TvYd6VBHsVeoq3SsLxXFnogk+Wf93wOJbA3XKjo0N/pXgaHt6qnzEkX1UGH765skjr3eYSsnktgV41ZuHXbCMYsrKbYBBaLW3/QD1lM7bfOEmSahEi1YLSSzPTk= ARC-Authentication-Results: i=1; server2.sourceware.org Received: from knuth.suse.de (unknown [10.168.5.16]) by smtp-out1.suse.de (Postfix) with ESMTP id 184223714B; Wed, 3 Apr 2024 14:01:12 +0000 (UTC) Received: by knuth.suse.de (Postfix, from userid 10510) id 01042345731; Wed, 3 Apr 2024 16:00:41 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by knuth.suse.de (Postfix) with ESMTP id E324B345730; Wed, 3 Apr 2024 16:00:41 +0200 (CEST) Date: Wed, 3 Apr 2024 16:00:41 +0200 (CEST) To: Martin Uecker cc: Ian Lance Taylor , Paul Koning , Paul Eggert , Sandra Loosemore , Mark Wielaard , overseers@sourceware.org, gcc@gcc.gnu.org, binutils@sourceware.org, gdb@sourceware.org, libc-alpha@sourceware.org Subject: Re: Sourceware mitigating and preventing the next xz-backdoor In-Reply-To: <6239192ba9ff8aad0752309a54b633dc75a57c77.camel@tugraz.at> Message-ID: <8e877d2f-01e0-c786-dea5-265edbdc0c07@suse.de> References: <20240329203909.GS9427@gnu.wildebeest.org> <20240401150617.GF19478@gnu.wildebeest.org> <12215cd2-16db-4ee4-bd98-6a4bcf318592@cs.ucla.edu> <6239192ba9ff8aad0752309a54b633dc75a57c77.camel@tugraz.at> MIME-Version: 1.0 X-Spamd-Result: default: False [0.79 / 50.00]; CTYPE_MIXED_BOGUS(1.00)[]; NEURAL_HAM_SHORT(-0.20)[-0.997]; MIME_GOOD(-0.10)[multipart/mixed,text/plain]; RCVD_NO_TLS_LAST(0.10)[]; BAYES_HAM(-0.01)[48.00%]; TO_MATCH_ENVRCPT_ALL(0.00)[]; ARC_NA(0.00)[]; FREEMAIL_CC(0.00)[golang.org,comcast.net,cs.ucla.edu,baylibre.com,klomp.org,sourceware.org,gcc.gnu.org]; DKIM_SIGNED(0.00)[suse.de:s=susede2_rsa,suse.de:s=susede2_ed25519]; FUZZY_BLOCKED(0.00)[rspamd.com]; FREEMAIL_ENVRCPT(0.00)[comcast.net]; MISSING_XM_UA(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; MIME_TRACE(0.00)[0:+,1:+]; RCVD_COUNT_TWO(0.00)[2]; RCPT_COUNT_SEVEN(0.00)[11]; MID_RHS_MATCH_FROM(0.00)[]; TO_DN_SOME(0.00)[] X-Spam-Score: 0.79 X-Spam-Level: X-Spam-Status: No, score=-3.0 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8BIT X-Content-Filtered-By: Mailman/MimeDel 2.1.30 X-BeenThere: gdb@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Gdb mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , From: Michael Matz via Gdb Reply-To: Michael Matz Errors-To: gdb-bounces+public-inbox=simark.ca@sourceware.org Sender: "Gdb" Hello, On Wed, 3 Apr 2024, Martin Uecker via Gcc wrote: > > > Seems reasonable, but note that it wouldn't make any difference to > > > this attack. The liblzma library was modified to corrupt the sshd > > > binary, when sshd was linked against liblzma. The actual attack > > > occurred via a connection to a corrupt sshd. If sshd was running as > > > root, as is normal, the attacker had root access to the machine. None > > > of the attacking steps had anything to do with having root access > > > while building or installing the program. > > There does not seem a single good solution against something like this. > > My take a way is that software needs to become less complex. Do  > we really still need complex build systems such as autoconf? Do we really need complex languages like C++ to write our software in? SCNR :) Complexity lies in the eye of the beholder, but to be honest in the software that we're dealing with here, the build system or autoconf does _not_ come to mind first when thinking about complexity. (And, FWIW, testing for features isn't "complex". And have you looked at other build systems? I have, and none of them are less complex, just opaque in different ways from make+autotools). Ciao, Michael.