From: Siddhesh Poyarekar <siddhesh@gotplt.org>
To: Paul Koning <paulkoning@comcast.net>
Cc: Richard Earnshaw <Richard.Earnshaw@foss.arm.com>,
Nick Clifton <nickc@redhat.com>,
Binutils <binutils@sourceware.org>,
"gdb@sourceware.org" <gdb@sourceware.org>
Subject: Re: RFC: Adding a SECURITY.md document to the Binutils
Date: Thu, 13 Apr 2023 13:00:50 -0400 [thread overview]
Message-ID: <96e2ec59-11c6-329e-18c4-bf284eb752ac@gotplt.org> (raw)
In-Reply-To: <E8772797-9BC6-412D-B03B-51151B90D706@comcast.net>
On 2023-04-13 12:49, Paul Koning wrote:
> If someone sends me an executable file, and I execute it and suffer a virus, shame on me. If someone sends me a C source file and I compile and link that BUT DO NOT EXECUTE the resulting executable, and I suffer a virus, shame on the tool.
If someone sends me a C source file and I compile and link it without
inspecting it first, then definitely shame on me again. Compilers and
linkers assume *trusted* input.
> I don't expect the act of compiling or linking or objdumping to compromise my system's security, any more than I expect the act of editing a text file to do so. The key point is expectation. I'm reminded of a legal rule seen, for example, in "expectation of privacy": I should assume I can be seen when walking around town, but it is valid for me to assume I'm not seen when at home in my bathroom. Similarly, I should assume my system can get attacked when I execute a program, but it is reasonable for me to assume no attack is possible when I run gcc or objdump (or hexdump or cat).
>
It's valid for you to assume that you're not seen when you're at home in
your bathroom. However, if you take a random device someone gives you
with you in your bathroom without actually checking what it does...
Anyway like I said to Richard, it's all well and good to say that
binutils *should* be able to handle untrusted inputs. The reality is
that it is not in a position to make that claim and the only reasonable
security position the project can take is to strongly recommend either
validating inputs (to make them trusted) or running the tools in a sandbox.
Sid
next prev parent reply other threads:[~2023-04-13 17:01 UTC|newest]
Thread overview: 56+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-04-07 8:42 Nick Clifton via Gdb
2023-04-07 10:36 ` Eli Zaretskii via Gdb
2023-04-11 13:29 ` Nick Clifton via Gdb
2023-04-11 14:23 ` Simon Marchi via Gdb
2023-04-11 15:00 ` Eli Zaretskii via Gdb
2023-04-11 16:22 ` Nick Clifton via Gdb
2023-04-11 16:32 ` Matt Rice via Gdb
2023-04-11 18:18 ` J.W. Jagersma via Gdb
2023-04-12 8:43 ` Nick Clifton via Gdb
2023-04-08 6:30 ` Jan Beulich via Gdb
2023-04-10 18:30 ` John Baldwin
2023-04-20 15:56 ` Nick Clifton via Gdb
2023-04-11 19:45 ` Ian Lance Taylor via Gdb
2023-04-12 16:02 ` Richard Earnshaw via Gdb
2023-04-12 16:26 ` Siddhesh Poyarekar
2023-04-12 16:52 ` Richard Earnshaw via Gdb
2023-04-12 16:58 ` Paul Koning via Gdb
2023-04-12 17:10 ` Siddhesh Poyarekar
2023-04-13 3:51 ` Alan Modra via Gdb
2023-04-13 4:25 ` Siddhesh Poyarekar
2023-04-13 5:16 ` Alan Modra via Gdb
2023-04-13 12:00 ` Siddhesh Poyarekar
2023-04-13 10:25 ` Richard Earnshaw via Gdb
2023-04-13 11:53 ` Siddhesh Poyarekar
2023-04-13 12:37 ` Richard Earnshaw via Gdb
2023-04-13 12:54 ` Siddhesh Poyarekar
2023-04-13 13:11 ` Richard Earnshaw via Gdb
2023-04-13 13:35 ` Siddhesh Poyarekar
2023-04-13 13:40 ` Richard Earnshaw via Gdb
2023-04-13 13:56 ` Siddhesh Poyarekar
2023-04-13 14:50 ` Richard Earnshaw via Gdb
2023-04-13 15:02 ` Siddhesh Poyarekar
2023-04-13 15:05 ` Richard Earnshaw via Gdb
2023-04-13 16:42 ` Siddhesh Poyarekar
2023-04-14 9:52 ` Richard Earnshaw via Gdb
2023-04-14 12:43 ` Siddhesh Poyarekar
2023-04-14 12:49 ` Richard Earnshaw via Gdb
2023-04-14 13:13 ` Siddhesh Poyarekar
2023-04-13 15:08 ` Paul Koning via Gdb
2023-04-13 16:02 ` Siddhesh Poyarekar
2023-04-13 16:49 ` Paul Koning via Gdb
2023-04-13 17:00 ` Siddhesh Poyarekar [this message]
2023-04-13 17:05 ` Paul Koning via Gdb
2023-04-13 17:29 ` Siddhesh Poyarekar
2023-04-13 17:37 ` Paul Koning via Gdb
2023-04-13 18:16 ` Siddhesh Poyarekar
2023-04-14 17:37 ` Ian Lance Taylor via Gdb
2023-04-14 18:27 ` Siddhesh Poyarekar
2023-04-14 20:46 ` Ian Lance Taylor via Gdb
2023-04-14 21:24 ` Siddhesh Poyarekar
2023-04-17 15:31 ` Michael Matz via Gdb
2023-04-17 19:55 ` Ian Lance Taylor via Gdb
2023-04-14 19:45 ` DJ Delorie via Gdb
2023-04-14 20:49 ` Ian Lance Taylor via Gdb
2023-04-15 6:41 ` Xi Ruoyao via Gdb
2023-04-13 16:06 ` Richard Earnshaw via Gdb
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=96e2ec59-11c6-329e-18c4-bf284eb752ac@gotplt.org \
--to=siddhesh@gotplt.org \
--cc=Richard.Earnshaw@foss.arm.com \
--cc=binutils@sourceware.org \
--cc=gdb@sourceware.org \
--cc=nickc@redhat.com \
--cc=paulkoning@comcast.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox