vulnerabilities in libbfd (CVE-2014-beats-me)

Mike Frysinger vapier@gentoo.org
Tue Oct 28 17:10:00 GMT 2014
On 28 Oct 2014 15:43, Maciej W. Rozycki wrote:
> On Mon, 27 Oct 2014, Mike Frysinger wrote:
> > >  I agree sanitising pointers calculated based on data taken from 
> > > untrusted sources, including broken or deliberately corrupted 
> > > executables, is a must.
> > 
> > sure, but honestly, invoking bfd in any sort of security sensitive context is a 
> > terrible terrible idea.  it's full of range issues like this (by nature of its 
> > job), and will continue to be so.  unless we switch to a language like python 
> > where exceeding memory ranges is guaranteed to not access invalid memory (not 
> > that i'm suggesting that).
> 
>  Well, maybe BFD and consequently `strings' are not something designed 
> with security particularly in mind and maybe the C programming language 
> doesn't help with it either and things have to be taken care of manually.  
> Maybe BFD and all the surrounding code is twisted and hard to follow.
> 
>  But that is not an excuse, nor does it justify sloppy coding.

i'm not suggesting we shouldn't have proper range checks everywhere.  i'm merely 
accepting the reality of the code base, and the quality/quantity of code flowing 
in from contributors.  no matter how many audits the code base went through, i 
don't think it'd ever be trustworthy in sensitive contexts.
-mike
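As an added illustration of the range check the thread argues for (this is example code, not from the thread or from binutils/libbfd): a pointer computed from an offset/size pair read out of an untrusted header is handed out only after the pair is shown to lie inside the mapped image, with the comparison arranged so a crafted size cannot wrap it around. The `image` type, the function names and the 16-byte sample are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed, hypothetical image type; not a libbfd structure.
 * data/len describe the whole file as mapped into memory. */
struct image { const uint8_t *data; size_t len; };

/* 1 when [off, off+size) lies inside the image, else 0.  off and size are
 * exactly as read from the untrusted header.  The subtraction form avoids
 * the wrap-around that `off + size <= len` suffers on a crafted header
 * (size = UINT64_MAX would pass that naive test). */
int region_in_bounds(const struct image *img, uint64_t off, uint64_t size)
{
    if (off > img->len)
        return 0;
    return size <= img->len - off;
}

/* Pointer derived from header data, handed out only after the check.
 * NULL means "reject this file" rather than an address outside the image. */
const uint8_t *region_ptr(const struct image *img, uint64_t off, uint64_t size)
{
    return region_in_bounds(img, off, size) ? img->data + off : NULL;
}

/* Length of a NUL-terminated string that must end inside the region, as a
 * strings-like reader of a section name would need it.  -1 when the region
 * is out of range or has no terminator before its end, so the caller never
 * scans past the buffer looking for one. */
long region_cstring_len(const struct image *img, uint64_t off, uint64_t size)
{
    const uint8_t *p = region_ptr(img, off, size);
    if (p == NULL)
        return -1;
    const uint8_t *nul = memchr(p, '\0', (size_t)size);
    return nul ? (long)(nul - p) : -1;
}

/* Constructed 16-byte sample: a magic, a NUL-terminated name at offset 4,
 * then unterminated filler through the end of the image. */
static const uint8_t sample[16] = "\x7f" "ELF" "name\0" "xxxxxxx";
const struct image sample_img = { sample, sizeof sample };
```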