RFC: Adding a SECURITY.md document to the Binutils

Paul Koning paulkoning@comcast.net
Wed Apr 12 16:58:39 GMT 2023



> On Apr 12, 2023, at 12:52 PM, Richard Earnshaw via Gdb <gdb@sourceware.org> wrote:
> 
> On 12/04/2023 17:26, Siddhesh Poyarekar wrote:
>> ...
>> Ack, I reckon this should be addressed by "corrupt output files from valid trusted inputs".  If that's not clear enough, could you suggest alternative phrasing that makes it clearer?
> 
> I'm not sure corrupt is general enough.  Each instruction in the binary might be completely legal, but their sequencing could leave some vulnerabilities (think Spectre, for example, but that's pretty extreme).
> 
> Perhaps something like "... this means that the tools introduce a vulnerability in the output file that was not present in the input files being processed".  I think with that wording you probably don't even need the last sentence in the first paragraph.

I agree.  The scenario in "Reflections on trusting trust", Ken Thompson's famous paper, comes to mind.  It might be worth adding that as a reference.

	paul



