RFC: Adding a SECURITY.md document to the Binutils
Paul Koning
paulkoning@comcast.net
Wed Apr 12 16:58:39 GMT 2023
> On Apr 12, 2023, at 12:52 PM, Richard Earnshaw via Gdb <gdb@sourceware.org> wrote:
>
> On 12/04/2023 17:26, Siddhesh Poyarekar wrote:
>> ...
>> Ack, I reckon this should be addressed by "corrupt output files from valid trusted inputs". If that's not clear enough, could you suggest alternative phrasing that makes it clearer?
>
> I'm not sure corrupt is general enough. Each instruction in the binary might be completely legal, but their sequencing could leave some vulnerabilities (think spectre, for example, but that's pretty extreme).
>
> Perhaps something like "... this means that the tools introduce a vulnerability in the output file that was not present in the input files being processed". I think with that wording you probably don't even need the last sentence in the first paragraph.

I agree. The scenario in "Reflections on trusting trust", Ken Thompson's famous paper, comes to mind. It might be worth adding that as a reference.

paul