From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from simark.ca by simark.ca with LMTP id iGZfG5+POWSkyisAWB0awg (envelope-from ) for ; Fri, 14 Apr 2023 13:38:39 -0400 Received: by simark.ca (Postfix, from userid 112) id 6B6771E221; Fri, 14 Apr 2023 13:38:39 -0400 (EDT) Authentication-Results: simark.ca; dkim=pass (1024-bit key; secure) header.d=sourceware.org header.i=@sourceware.org header.a=rsa-sha256 header.s=default header.b=YHlQtdif; dkim-atps=neutral X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on simark.ca X-Spam-Level: X-Spam-Status: No, score=-7.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI, RDNS_DYNAMIC,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 Received: from sourceware.org (ip-8-43-85-97.sourceware.org [8.43.85.97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by simark.ca (Postfix) with ESMTPS id E79881E11C for ; Fri, 14 Apr 2023 13:38:38 -0400 (EDT) Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id B65B33858C3A for ; Fri, 14 Apr 2023 17:38:37 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org B65B33858C3A DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1681493917; bh=DxRlHJBxQH8RYW+PYkDwPMVA1YVW1meozG73Q+qKrb4=; h=References:In-Reply-To:Date:Subject:To:Cc:List-Id: List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe: From:Reply-To:From; b=YHlQtdifbS5t47vc+x16mI79VIcG4X+RG7ZZyHt7/ByDyY2Dmfe4MsEL4/R5Zw/dz PmCXU3nBM88AfSHHaLVOTSFcfF9PajzCYxoNW80GNar0VuGfHlT/eAiM4d9Td5LoMA ODZGBWUB8lbv+V7aUw10ThuLTQYwaWJxBlcSGVow= Received: from mail-ej1-x635.google.com (mail-ej1-x635.google.com [IPv6:2a00:1450:4864:20::635]) by sourceware.org (Postfix) with ESMTPS id 6B2FE3858C66 for ; Fri, 14 Apr 2023 17:38:11 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 6B2FE3858C66 Received: by mail-ej1-x635.google.com with SMTP id a640c23a62f3a-94a356c7419so440986266b.2 for ; Fri, 14 Apr 2023 10:38:11 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1681493889; x=1684085889; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=DxRlHJBxQH8RYW+PYkDwPMVA1YVW1meozG73Q+qKrb4=; b=KC2AIMIb4O/OtPLESFi5kI6lUGCaB+bZNrRFqVavgbE2UIz+yqwdS0KFJEnjaAhmK8 WeLv3lgDxv6ODdPQxnEIDvUXgFE3I1gnJJpbSXfTeSK0GjgZHME3DGwCTqOywvYFldvq RTf0hEDE1qL5ZoPwtpEW6vN4mmV6wYS2utgLilPrhuho4jx6DBhcudT2Wl4Nfv1Zt2kr aDx1Uek+4njWzLiWUHRT+634frwl7hW+Wxesl9+URP3CgePdFW1lxQfiYkeuXsDzRgzl HTxudOC9c7q8MHN5HNykoFxFjJ0qBYUVQ1PydU1olPFzQpvdTkn3O1KMkMuGWkHQWWX9 l3+Q== X-Gm-Message-State: AAQBX9dFEMep1/HBYBU4ifTil6b4CHNyjEnW9pl6tvWaMV8CP1NxVQLJ XGmJlpyNfYVJ9UOMj9MlTcP7sam0wZu4FVGYTKSypw== X-Google-Smtp-Source: AKy350agXoDDGbaPxD5Ku1N3lCrjnVwSTmksxIpADnK0xyk5AM/90VeRx9+qH/m94KRGnc47dwzny8Cf+0p5Mx6TTJE= X-Received: by 2002:a50:a40d:0:b0:505:98c2:1222 with SMTP id u13-20020a50a40d000000b0050598c21222mr3507356edb.0.1681493889323; Fri, 14 Apr 2023 10:38:09 -0700 (PDT) MIME-Version: 1.0 References: <1c38b926-e003-0e21-e7f1-3d5dbec2aabf@redhat.com> <5b147005-bd28-4cf9-b9e7-479ef02cb1ad@foss.arm.com> <5d044987-39eb-a060-1b2b-9d07b1515e7d@gotplt.org> <73bc480a-a927-2773-8756-50350f76dfbf@gotplt.org> <4ed86e65-0b7f-11d4-8061-2c5d0b1e147e@foss.arm.com> <7b6b10f8-e480-8efa-fbb8-4fc4bf2cf356@gotplt.org> <0224757b-6b17-f82d-c0bf-c36042489f5e@foss.arm.com> <01e846c0-c6bf-defe-0563-1ed6309b7038@gotplt.org> <2d4c7f13-8a35-3ce5-1f90-ce849a690e66@foss.arm.com> <01b8e177-abfd-549e-768f-1995cab5c81d@gotplt.org> <96e2ec59-11c6-329e-18c4-bf284eb752ac@gotplt.org> In-Reply-To: <96e2ec59-11c6-329e-18c4-bf284eb752ac@gotplt.org> Date: Fri, 14 Apr 2023 10:37:57 -0700 Message-ID: Subject: Re: RFC: Adding a SECURITY.md document to the Binutils To: Siddhesh Poyarekar Cc: Paul Koning , Richard Earnshaw , Nick Clifton , Binutils , "gdb@sourceware.org" Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-BeenThere: gdb@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Gdb mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , From: Ian Lance Taylor via Gdb Reply-To: Ian Lance Taylor Errors-To: gdb-bounces+public-inbox=simark.ca@sourceware.org Sender: "Gdb" On Thu, Apr 13, 2023 at 10:01=E2=80=AFAM Siddhesh Poyarekar wrote: > > On 2023-04-13 12:49, Paul Koning wrote: > > If someone sends me an executable file, and I execute it and suffer a v= irus, shame on me. If someone sends me a C source file and I compile and l= ink that BUT DO NOT EXECUTE the resulting executable, and I suffer a virus,= shame on the tool. > > If someone sends me a C source file and I compile and link it without > inspecting it first, then definitely shame on me again. Compilers and > linkers assume *trusted* input. I profoundly disagree with this. Compilers and linkers must behave in a reasonable manner when given untrusted input. Behaving reasonably can of course include failing with an error message like "program too large", but they must not dump core and they must not use up all available memory. They very much must not have a buffer overflow during compilation that causes them to execute arbitrary code. Users should not be expected to run compilers and linkers in a security sandbox (though it would be acceptable for a compiler to set up its own security sandbox if that seems useful). Ian