Re: Why no security support for binutils? What to do about it?
On Tue, Dec 31, 2019 at 9:47 AM Florian Weimer wrote:
> BFD and binutils have not been designed to process untrusted data.
> Usually, this does not matter at all. For example, no security
> boundary is crossed when linking object files that have just been
> compiled.
There are definitely situations where vulnerabilities in binutils
(mostly objdump) are important and a security boundary could be
crossed, for example: running lintian on ftp-master, malware reverse
engineering and inspection of binaries for hardening features.
--
bye,
pabs
https://wiki.debian.org/PaulWise