
Re: Why no security support for binutils? What to do about it?



* Paul Wise:

> On Wed, Jan 1, 2020 at 1:00 PM Florian Weimer wrote:
>
>> Doesn't lintian on ftp-master use disposable VMs?
>
> No mention of qemu/kvm in dak.git nor any qemu processes running on
> ftp-master.d.o, so I don't think so.

Uh-oh.

>> Some of its checks look inherently dangerous, e.g. the bash -n check for shell syntax.
>
> What is dangerous about `bash -n`? IIRC that is supposed to not
> execute shell code, but I guess you mean that the shell parsers in
> Debian (bash/dash/etc) are particularly fragile?

Yes, exactly.

> The same can probably be said for the manual page checks and
> probably other parts of lintian.

Which means that it's not reasonable to make lintian checks part of
the trusted computing base.  And objdump (or BFD/binutils) is just a
tiny aspect of that.

Just to be clear here, I'm not saying that a safe objdump or GDB
wouldn't be useful.  (Trusted GDB across container binaries could be
quite interesting.)  It's just unrealistic that it's possible to
achieve anything close to that with the current code base.

