Sourceware mitigating and preventing the next xz-backdoor
Paul Koning
paulkoning@comcast.net
Tue Apr 2 20:20:01 GMT 2024
> On Apr 2, 2024, at 4:03 PM, Paul Eggert <eggert@CS.UCLA.EDU> wrote:
>
> On 4/2/24 12:54, Sandra Loosemore wrote:
>> Do we need to harden our process, too, to require all patches to be signed off by someone else before committing?
>
> It's easy for an attacker to arrange to have "someone else" in cahoots.
>
> Although signoffs can indeed help catch inadvertent mistakes, they're relatively useless against determined attacks of this form, and we must assume that nation-state attackers will be determined.
Another consideration is the size of the project. "Many eyeballs" helps if there are plenty of people watching. For smaller tools that have only a small body of contributors, it's easier for one or two malicious ones to subvert things.
Would it help to require (rather than just recommend) "don't use root except for the actual 'install' step"?
paul
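As an added illustration of that last suggestion (an example sketch, not code from this thread or from any Sourceware project), the shell wrapper below confines the steps that execute tarball-supplied logic (configure, make, the staged install) to an unprivileged uid, and audits the staged tree before the one step that does run as root. The step names, the staging layout and the audit rules are assumptions for the example.

```shell
#!/bin/sh
# Added illustration of "no root except for the install step" (not code from the
# thread): refuse to run project-supplied build logic as root, stage the install
# as an unprivileged user, and audit the staged tree before the privileged copy.
# Step names and paths are hypothetical.

set -eu

# Decide whether a build step may run under the given uid.  configure, make,
# make check and the DESTDIR staging all execute code shipped in the tarball
# (configure scripts, generated m4, makefiles), so they are confined to an
# unprivileged uid; only the final copy out of the staging directory may be root.
step_allowed_for_uid() {
    uid="$1"
    step="$2"
    case "$step" in
        configure|make|check|stage)
            [ "$uid" -ne 0 ]
            ;;
        install)
            return 0
            ;;
        *)
            echo "unknown build step: $step" >&2
            return 1
            ;;
    esac
}

# Audit a staged tree (what `make install DESTDIR=$stage` produced) before the
# privileged copy: reject setuid/setgid bits and symlinks, which a subverted
# build could use to gain privilege or reach outside the install prefix.
audit_staged_tree() {
    stage="$1"
    suspicious=$(find "$stage" \( -type l -o -perm -4000 -o -perm -2000 \) 2>/dev/null)
    if [ -n "$suspicious" ]; then
        printf 'staged tree rejected:\n%s\n' "$suspicious" >&2
        return 1
    fi
    return 0
}

# Run one build step as the invoking user, or refuse if that uid is not allowed
# for the step.
run_step() {
    step="$1"; shift
    if ! step_allowed_for_uid "$(id -u)" "$step"; then
        echo "refusing to run '$step' as uid $(id -u)" >&2
        return 1
    fi
    "$@"
}

# Typical use from an unprivileged account; only the last line escalates, and it
# copies files rather than executing anything from the source tree:
#   run_step configure ./configure --prefix=/usr/local
#   run_step make      make
#   run_step check     make check
#   run_step stage     make install DESTDIR="$PWD/stage"
#   audit_staged_tree "$PWD/stage" && sudo cp -a "$PWD/stage/." /
```

The point of the split is that a compromised configure script or makefile (the xz vector) runs with only the build user's rights, and the privileged step never interprets anything from the tarball; it only copies a tree that has already been inspected.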
More information about the Binutils mailing list