Mirror of the gdb mailing list
From: Siddhesh Poyarekar <siddhesh@gotplt.org>
To: Alan Modra <amodra@gmail.com>
Cc: Richard Earnshaw <Richard.Earnshaw@foss.arm.com>,
	Nick Clifton <nickc@redhat.com>,
	Binutils <binutils@sourceware.org>,
	"gdb@sourceware.org" <gdb@sourceware.org>
Subject: Re: RFC: Adding a SECURITY.md document to the Binutils
Date: Thu, 13 Apr 2023 08:00:26 -0400
Message-ID: <e51f57f4-d1d0-60f1-cc1b-eb085ee74d8d@gotplt.org>
In-Reply-To: <ZDeQGsSXpGULbPG6@squeak.grove.modra.org>

On 2023-04-13 01:16, Alan Modra wrote:
>> That's not a crossing of privilege boundaries;
> 
> I know.  Ah, I see.  You were saying that only the very narrow case of
> a privilege escalation will be considered a "security bug".  Fair
> enough I suppose, but that's close to the much simpler and more easily
> understood:
> 
> "binutils makes no claim to being secure, ergo there are no security
> bugs".

More like, "don't put Turing complete interfaces out on the internet 
without sandboxing for everyone to abuse, that's insecure" :)

I hope to put out something similar for gcc too, and pretty much every 
compiler/translator out there because they're not programs that one puts 
out on the internet and thinks that everything will be OK.  They must be 
sandboxed.  The overzealous CVE assignments are simply wasting 
everyone's time and distracting everyone from actual security issues.

Sid
