RFC: Adding a SECURITY.md document to the Binutils
Siddhesh Poyarekar
siddhesh@gotplt.org
Thu Apr 13 16:02:58 GMT 2023
On 2023-04-13 11:08, Paul Koning wrote:
>
>
>> On Apr 13, 2023, at 11:02 AM, Siddhesh Poyarekar <siddhesh@gotplt.org> wrote:
>>
>> On 2023-04-13 10:50, Richard Earnshaw wrote:
>>> No, whilst elf can be executed, objdump should never be doing that: it's a tool for examining a file, not running it. You have to have a tool that can safely examine the contents of an elf file or you can never verify it for issues - opening it up in emacs to examine the contents is not the way to do that :)
>>
>> You can verify it for issues, in a sandbox.
>>
>>> But all that is beside the point. The original case I gave was a /corrupt/ elf file that caused a buffer overrun in the objdump binary.
>>
>> ... and that's a robustness issue. Any buffer overrun in any program could in theory be exploited to send out files.
>
> No. Buffer overruns are generally recognized as security issues, precisely because they (often) can be used to produce arbitrary code execution exploits.
They're a common security exploit vector, but context matters. If you
have local access to a system, you can already execute arbitrary code; a
buffer overrun itself is not going to help you do anything that you
couldn't already do. By letting in an untrusted file or by accepting
inputs over a network, you're opening up a *new* vector to actually
exploit the buffer overflow to do something you couldn't already do.
> A buffer overrun would be merely a robustness issue if it is guaranteed to cause nothing worse than a program abort.
Context matters here too. Over a network or under some circumstances
with other kinds of untrusted input (such as downloaded files), a simple
program abort will result in a DoS, which is a security issue.
Sid