From: Richard Biener via Gdb
Date: Sat, 6 Apr 2024 15:00:03 +0200
Subject: Re: Sourceware mitigating and preventing the next xz-backdoor
To: Andrew Sutton
Cc: Martin Uecker, Jonathon Anderson, Michael Matz, Ian Lance Taylor, Paul Koning, Paul Eggert, Sandra Loosemore, Mark Wielaard, overseers@sourceware.org, gcc@gcc.gnu.org, binutils@sourceware.org, gdb@sourceware.org, libc-alpha@sourceware.org

On Fri, Apr 5, 2024 at 11:18 PM Andrew Sutton via Gcc wrote:
>
> > I think the key difference here is that Autotools allows arbitrarily
> > generated code to be executed at any time. More modern build systems
> > require the use of specific commands/files to run arbitrary code, e.g.
> > CMake (IIRC [`execute_process()`][2] and [`ExternalProject`][3]), Meson
> > ([`run_command()`][1]), Cargo ([`build.rs`][4]).
> >
> > To me it seems that Cargo is the absolute worst case with respect to
> > supply chain attacks.
> >
> > It pulls in dependencies recursively from a relatively uncurated
> > list of projects, puts the source of all those dependencies into a
> > hidden directory in home, and runs Build.rs automatically with
> > user permissions.
>
> 100% this. Wait until you learn how proc macros work.

proc macro execution should be heavily sandboxed, otherwise
it seems compiling something is enough to get arbitrary code
executed with the permission of the compiling user. I mean it's
not rocket science - browsers do this for javascript. Hmm, we need
a webassembly target ;)

Richard.