RFC: Adding a SECURITY.md document to the Binutils

Ian Lance Taylor iant@google.com
Fri Apr 14 17:37:57 GMT 2023


On Thu, Apr 13, 2023 at 10:01 AM Siddhesh Poyarekar <siddhesh@gotplt.org> wrote:
>
> On 2023-04-13 12:49, Paul Koning wrote:
> > If someone sends me an executable file, and I execute it and suffer a virus, shame on me.  If someone sends me a C source file and I compile and link that BUT DO NOT EXECUTE the resulting executable, and I suffer a virus, shame on the tool.
>
> If someone sends me a C source file and I compile and link it without
> inspecting it first, then definitely shame on me again.  Compilers and
> linkers assume *trusted* input.

I profoundly disagree with this.

Compilers and linkers must behave in a reasonable manner when given
untrusted input.  Behaving reasonably can of course include failing
with an error message like "program too large", but they must not dump
core and they must not use up all available memory.  They very much
must not have a buffer overflow during compilation that causes them to
execute arbitrary code.  Users should not be expected to run compilers
and linkers in a security sandbox (though it would be acceptable for a
compiler to set up its own security sandbox if that seems useful).

Ian


More information about the Gdb mailing list