From: Martin Uecker via Gdb
Reply-To: Martin Uecker
To: Michael Matz
CC: Ian Lance Taylor, Paul Koning, Paul Eggert, Sandra Loosemore, Mark Wielaard
Subject: Re: Sourceware mitigating and preventing the next xz-backdoor
Date: Wed, 3 Apr 2024 16:32:15 +0200
In-Reply-To: <8e877d2f-01e0-c786-dea5-265edbdc0c07@suse.de>
List-Id: Gdb mailing list

On Wednesday, 03.04.2024 at 16:00 +0200, Michael Matz wrote:
> Hello,
>
> On Wed, 3 Apr 2024, Martin Uecker via Gcc wrote:
>
> > > > Seems reasonable, but note that it wouldn't make any difference to
> > > > this attack. The liblzma library was modified to corrupt the sshd
> > > > binary, when sshd was linked against liblzma. The actual attack
> > > > occurred via a connection to a corrupt sshd. If sshd was running as
> > > > root, as is normal, the attacker had root access to the machine. None
> > > > of the attacking steps had anything to do with having root access
> > > > while building or installing the program.
> >
> > There does not seem to be a single good solution against something like this.
> >
> > My takeaway is that software needs to become less complex. Do
> > we really still need complex build systems such as autoconf?
>
> Do we really need complex languages like C++ to write our software in?
> SCNR :)

Probably not.

> Complexity lies in the eye of the beholder, but to be honest in
> the software that we're dealing with here, the build system or autoconf
> does _not_ come to mind first when thinking about complexity.

The backdoor was hidden in a complicated autoconf script...

>
> (And, FWIW, testing for features isn't "complex". And have you looked at
> other build systems? I have, and none of them are less complex, just
> opaque in different ways from make+autotools).

I ask a very specific question: To what extent is testing
for features instead of semantic versions and/or supported standards
still necessary? This seems like a problematic approach that
may have been necessary decades ago, but it seems it may be time to
move on.

Martin