there is no security support for binutils in debian stable
(buster). Given the importance of binutils this seems to me to be a real problem.
BFD and binutils have not been designed to process untrusted data.
Usually, this does not matter at all. For example, no security
boundary is crossed when linking object files that have just been compiled.
On Tue, Dec 31, 2019 at 9:47 AM Florian Weimer wrote:
> BFD and binutils have not been designed to process untrusted data.
> Usually, this does not matter at all. For example, no security
> boundary is crossed when linking object files that have just been
> compiled.
There are definitely situations where vulnerabilities in binutils
(mostly objdump) are important and a security boundary could be
crossed, for example: running lintian on ftp-master,
malware reverse engineering
and inspection of binaries for hardening features.
On 01.01.20 at 03:14, Paul Wise wrote:
> On Tue, Dec 31, 2019 at 9:47 AM Florian Weimer wrote:
>> BFD and binutils have not been designed to process untrusted data.
>> Usually, this does not matter at all. For example, no security
>> boundary is crossed when linking object files that have just been
>> compiled.
> There are definitely situations where vulnerabilities in binutils
> (mostly objdump) are important and a security boundary could be
> crossed, for example: running lintian on ftp-master,
> malware reverse engineering
Up to now I did not see any notable effort to support malware
reverse engineering under Linux. The only program I knew was boomerang
for decompiling malware but it seems to have been unsupported for a long time. I
would really be in need of such software since I have plenty of images
of rootkitted installations and tampered BIOS images (f.i. one does
not boot via USB and does not allow BIOS updates; you can not get rid
of it unless you flash the BIOS chip of your mainboard externally).
> and inspection of binaries for hardening features.
Maybe ultimately one needs monitors and diff-machines built in hardware
(and more or less by oneself).
If compilers can be subverted, so can assemblers.
If intelligence is everywhere, so is intel.
If controlling people is everywhere, so is manipulation.
If exercising power goes beyond oneself, so does one's own corruption.
The only real solution is in one's own efforts to love, and thus to
become one with The One.
Those who think they are already there are just blind to what is beyond their perception.
> On Tue, Dec 31, 2019 at 9:47 AM Florian Weimer wrote:
>> BFD and binutils have not been designed to process untrusted data.
>> Usually, this does not matter at all. For example, no security
>> boundary is crossed when linking object files that have just been
>> compiled.
> There are definitely situations where vulnerabilities in binutils
> (mostly objdump) are important and a security boundary could be
> crossed, for example: running lintian on ftp-master, malware reverse engineering and inspection of binaries for hardening features.
> Up to now I did not see any notable effort to support malware reverse engineering under Linux. The only program I knew was boomerang for decompiling malware but it seems to have been unsupported for a long time.
Doesn't lintian on ftp-master use disposable VMs?
Some of its checks look inherently dangerous, e.g. the bash -n check for shell syntax.
> Some of its checks look inherently dangerous, e.g. the bash -n
> check for shell syntax.
Why would bash -n be dangerous?
On Wed, Jan 1, 2020 at 1:00 PM Florian Weimer wrote:
> Doesn't lintian on ftp-master use disposable VMs?
No mention of qemu/kvm in dak.git nor any qemu processes running on ftp-master.d.o, so I don't think so.
> Some of its checks look inherently dangerous, e.g. the bash -n check for shell syntax.
What is dangerous about `bash -n`? IIRC that is supposed to not
execute shell code, but I guess you mean that the shell parsers in
Debian (bash/dash/etc) are particularly fragile?
The same can probably be said for the manual page checks and
probably other parts of lintian.
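The thread turns on two points: tools like objdump and `bash -n` that were never hardened for untrusted input get pointed at untrusted files anyway, and `bash -n` only parses (it does not run the script), so the exposure is the parser itself crashing or hanging. The script below is an added example, not code from the thread, lintian or dak: a small wrapper that runs such a check inside a subshell with a CPU-time, file-size and wall-clock budget, plus a constructed test script that would leave a marker file if it were ever executed, which shows that `bash -n` does not run it. It assumes GNU coreutils `timeout` and a Linux-style `ulimit`; the function and file names are my own.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). Confine a parser-only check on an
# untrusted file so that a crash or hang in the parser stays contained.

# Run "$@" in a subshell with resource limits and a wall-clock cap.
# Exit status: that of the command, or 124 if it hit the timeout.
run_confined() {
    (
        ulimit -t 5 2>/dev/null      # at most 5 CPU seconds
        ulimit -f 0 2>/dev/null      # a parser has no business writing files
        exec timeout 10 "$@"         # 10 s wall clock (GNU coreutils)
    )
}

# Syntax-check an untrusted shell script without executing it.
# Works the same way for other parser-only tools, e.g. run_confined objdump -h FILE.
syntax_check_untrusted() {
    run_confined bash -n -- "$1"
}

# Constructed sample inputs for the demo and test (not real lintian checks).
# $1 destination path, $2 "good" or "bad", $3 marker file the script would
# create if anything ever executed it instead of merely parsing it.
make_sample_script() {
    case "$2" in
        good) printf '#!/bin/sh\ntouch "%s"\necho done\n' "$3" > "$1" ;;
        bad)  printf '#!/bin/sh\nif true; then\necho "never closed"\n' > "$1" ;;
        *)    echo "unknown kind: $2" >&2; return 2 ;;
    esac
}

# Stand-alone demonstration: good script parses, bad script does not,
# and the marker file is never created because nothing was executed.
demo() {
    local tmp rc
    tmp=$(mktemp -d)
    make_sample_script "$tmp/good.sh" good "$tmp/marker"
    make_sample_script "$tmp/bad.sh"  bad  "$tmp/marker"
    rc=0; syntax_check_untrusted "$tmp/good.sh" || rc=$?
    echo "good.sh: exit $rc"
    rc=0; syntax_check_untrusted "$tmp/bad.sh" || rc=$?
    echo "bad.sh:  exit $rc"
    [ -e "$tmp/marker" ] && echo "marker exists: script was executed!" \
                         || echo "no marker: bash -n parsed without executing"
    rm -rf "$tmp"
}

[ "${RUN_DEMO:-0}" = 1 ] && demo
```

Run it with `RUN_DEMO=1 bash check.sh`. The limits do not make the parser any less fragile; they only bound what a malformed input can cost the caller, which is the realistic mitigation short of a disposable VM.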