[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: GNU Coding Standards, automake, and the recent xz-utils backdoor
|
From: |
Richard Stallman |
|
Subject: |
Re: GNU Coding Standards, automake, and the recent xz-utils backdoor |
|
Date: |
Tue, 02 Apr 2024 17:42:50 -0400 |
[[[ To any NSA and FBI agents reading my email: please consider ]]]
[[[ whether defending the US Constitution against all enemies, ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]
> My first thought was that Autoconf is a relatively trivial attack vector
> since it is so complex and the syntax used for some parts (e.g. m4 and
> shell scripts) is so arcane. In particular, it is common for Autotools
> stuff to be installed on a computer (e.g. by installing a package from
> an OS package manager) and then used while building. For example, there
> are large collections of ".m4" files installed. If one of the m4 files
> consumed has been modified, then the resulting configure script has been
> modified.
Can anyone think of a feasible way to prevent this sort of attack?
Someone suggested that configure should not use m4 files that are
lying around, but rather should fetch them from standard release points,
WDYT of that idea?
> It may be that an OS package manager
What is an "OS package manager"?
has the ability to validate already
> installed files,
Could you say concretely what this would do? Which files do you have
in mind? The m4 files discussed above?
> If installed files were themselves independently signed (or sha256s of
> the files are contained in a signed manifest), and Autotools was able to
> validate them while copying into a project ("bootstrapping"), then at
> least there is some assurance that the many files which were consumed
> have not been subverted.
Is this a proposal to deal with the problem described above? I think
maybe it is, but things are not concrete enough for me to tell for
certain.
Let's please not talk about files "consumed" unless they are used up
in the process.
> It seems common for OS distributions to modify some of the files
> (especially libtool related) so they differ from the original GNU versions.
The packager would need to specify another key and use that to sign
the files perse modifies. Or maybe, to sign all the files in the
distribution.
--
Dr Richard Stallman (https://stallman.org)
Chief GNUisance of the GNU Project (https://gnu.org)
Founder, Free Software Foundation (https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)
- Re: GCC reporting piped input as a security feature (was: GNU Coding Standards, automake, and the recent xz-utils backdoor), (continued)
- Re: GNU Coding Standards, automake, and the recent xz-utils backdoor, Eric Blake, 2024/04/02
- Re: GNU Coding Standards, automake, and the recent xz-utils backdoor, Bob Friesenhahn, 2024/04/02
- Re: GNU Coding Standards, automake, and the recent xz-utils backdoor, Karl Berry, 2024/04/02
- Re: compressed release distribution formats (was: GNU Coding Standards, automake, and the recent xz-utils backdoor), Jacob Bachmeyer, 2024/04/02
- Re: GNU Coding Standards, automake, and the recent xz-utils backdoor, Richard Stallman, 2024/04/02
- Re: GNU Coding Standards, automake, and the recent xz-utils backdoor, Richard Stallman, 2024/04/02
- Re: GNU Coding Standards, automake, and the recent xz-utils backdoor, Richard Stallman, 2024/04/02
- Re: GNU Coding Standards, automake, and the recent xz-utils backdoor,
Richard Stallman <=
- Re: GNU Coding Standards, automake, and the recent xz-utils backdoor, Bob Friesenhahn, 2024/04/02
- Re: GNU Coding Standards, automake, and the recent xz-utils backdoor, Jacob Bachmeyer, 2024/04/02
- Re: GNU Coding Standards, automake, and the recent xz-utils backdoor, Alfred M. Szmidt, 2024/04/03
- Re: GNU Coding Standards, automake, and the recent xz-utils backdoor, Richard Stallman, 2024/04/02