From: Richard Earnshaw via Gdb
Reply-To: Richard Earnshaw
Date: Thu, 13 Apr 2023 13:37:38 +0100
Subject: Re: RFC: Adding a SECURITY.md document to the Binutils
To: Siddhesh Poyarekar, Nick Clifton, Binutils
Cc: "gdb@sourceware.org"

On 13/04/2023 12:53, Siddhesh Poyarekar wrote:
> On 2023-04-13 06:25, Richard Earnshaw wrote:
>> So mention of networks reminds me that you don't always need privilege
>> escalation to have a security compromise - simply transmitting a file
>> to a third party, if that wasn't intended, would be enough.
>
> None of the tools can guarantee this with untrusted input when executing
> as a local user; this is why the last bit of sandboxing to analyze
> untrusted input comes in.
>
>> So I would suggest:
>>
>> A security bug is one that threatens the security of a system or
>> network, or might compromise the security of data stored on it. In
>> the context of GNU Binutils there are two ways in which such bugs
>> might occur. In the first, the programs themselves might be tricked
>> into a direct compromise of security. In the second, the tools might
>> introduce
>
> "Direct compromise of security" is essentially what we're trying to
> define more strongly to prevent spurious CVE assignments.

If a user can be tricked into opening a corrupt file (eg object file)
and that causes a buffer overflow that's then used to send another file
to a third party, you can't really pretend that's not a direct
compromise of security. We live in the real world and this sort of
threat is real.

>
>> a vulnerability in the generated output that was not already present
>> in the files used as input.
>>
>> Note: none of the programs in the GNU Binutils suite need elevated
>> system privileges (eg setuid) to operate and we recommend that users
>> do not use them from accounts where such privileges are automatically
>> available.
>
> We did have CVE-2021-20197, so it's not always setuid.

Which is exactly the sort of scenario I was trying to exclude by this
statement - don't run the tools with elevated privileges.

R.

>
> Thanks,
> Sid