GNU bug report logs

#47614 [security] Chunked store references in .zo files in Racket 8

Package: guix

Message #10 received at 47614@debbugs.gnu.org (full text, mbox, reply):

Received: (at 47614) by debbugs.gnu.org; 6 Apr 2021 17:39:52 +0000
From debbugs-submit-bounces@debbugs.gnu.org Tue Apr 06 13:39:52 2021
Received: from localhost ([127.0.0.1]:41677 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1lTpg8-0007yr-0x
	for submit@debbugs.gnu.org; Tue, 06 Apr 2021 13:39:52 -0400
Received: from mail.zaclys.net ([178.33.93.72]:44725)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <lle-bout@zaclys.net>) id 1lTpg5-0007yb-Vn
 for 47614@debbugs.gnu.org; Tue, 06 Apr 2021 13:39:50 -0400
Received: from guix-xps.local (lsl43-1_migr-78-195-19-20.fbx.proxad.net
 [78.195.19.20] (may be forged)) (authenticated bits=0)
 by mail.zaclys.net (8.14.7/8.14.7) with ESMTP id 136HdguZ031880
 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO);
 Tue, 6 Apr 2021 19:39:43 +0200
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.zaclys.net 136HdguZ031880
Authentication-Results: mail.zaclys.net;
 dmarc=fail (p=reject dis=none) header.from=zaclys.net
Authentication-Results: mail.zaclys.net;
 spf=fail smtp.mailfrom=lle-bout@zaclys.net
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zaclys.net;
 s=default; t=1617730783;
 bh=4z9uqK/sXGcvK7Cc6ezWLezf6TgEi7mNRnQbZ/6Oq7Q=;
 h=Subject:From:To:Date:In-Reply-To:References:From;
 b=KvRzIaNcekgpsKA802I5h6L4SZVRn7sx1J+pIheaEqvQU6xXfRkfno3+wVsqbD5g+
 2Cbh2yj7MeIIHpL5xYczOZaYLdQH2CwICksxTTCjuZFzEjXgGIfSC8QPNlyUvN1tHP
 R4EPVneNDvn+NqyhkOmIrrc9f0uEBCkSNrKOv5N4=
Message-ID: <e9234acf1e9dff8e5a0fc0ff078fc9e2f201e9a4.camel@zaclys.net>
Subject: Re: bug#47614: [security] Chunked store references in .zo files in
 Racket 8
From: Léo Le Bouter <lle-bout@zaclys.net>
To: Mark H Weaver <mhw@netris.org>, 47614@debbugs.gnu.org
Date: Tue, 06 Apr 2021 19:39:42 +0200
In-Reply-To: <87k0pf7jti.fsf@netris.org>
References: <87k0pf7jti.fsf@netris.org>
Content-Type: multipart/signed; micalg="pgp-sha512";
 protocol="application/pgp-signature"; boundary="=-Cesk0LIKqiJGfD8yDHBD"
User-Agent: Evolution 3.34.2 
MIME-Version: 1.0
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 47614
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.0 (-)
[Message part 1 (text/plain, inline)]
I think that probably replacing arbitrary paths in built binaries is a
risky and maybe unreliable engineering choice and that mechanisms
inside kernels should be preferred to give processes a different view
of the file system (retaining the path but changing the contents of the
folder).

OTOH, what would be wrong with replacing hashes directly without
expecting them to be next to anything else?

Léo
[signature.asc (application/pgp-signature, inline)]
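The two rewriting strategies discussed in this message, as an added illustration that is not code from the bug thread, from Guix or from Racket: a rewrite anchored on the full "/gnu/store/<hash>" string, a rewrite anchored on the bare hash, and a post-rewrite check that reports pieces of the old hash left behind. The length-prefixed chunk layout, the item name and both 32-character hashes are constructed for the demonstration; the premise that a replacement hash must have the same length as the one it replaces is assumed here so that offsets inside the file stay valid.

```python
"""Added illustration: path-anchored versus hash-anchored rewriting of store
references, applied to a reference stored contiguously, split after the
store prefix, and split inside the hash itself. Not code from the bug
thread, Guix or Racket; the chunk format below is constructed."""

# Constructed 32-character hashes over the nix-base32 alphabet; not real store items.
OLD_HASH = b"0123456789abcdfghijklmnpqrsvwxyz"
NEW_HASH = b"zyxwvsrqpnmlkjihgfdcba9876543210"
STORE_PREFIX = b"/gnu/store/"
ITEM_NAME = b"-racket-8.0"  # constructed item name, only there to make the reference realistic


def chunked(*pieces: bytes) -> bytes:
    """Constructed serialization: every piece is written as a one-byte length
    followed by its bytes, so a string split into pieces is never contiguous."""
    return b"".join(bytes([len(p)]) + p for p in pieces)


def rewrite_path(data: bytes, old: bytes, new: bytes) -> bytes:
    """Path-anchored rewrite: the hash is replaced only where it directly follows the prefix."""
    if len(old) != len(new):
        raise ValueError("replacement must preserve length so file offsets stay valid")
    return data.replace(STORE_PREFIX + old, STORE_PREFIX + new)


def rewrite_hash(data: bytes, old: bytes, new: bytes) -> bytes:
    """Hash-anchored rewrite: the bare hash is replaced wherever it appears contiguously."""
    if len(old) != len(new):
        raise ValueError("replacement must preserve length so file offsets stay valid")
    return data.replace(old, new)


def surviving_fragments(data: bytes, old: bytes, min_len: int = 8) -> list:
    """Post-rewrite check: the longest runs of OLD (at least MIN_LEN bytes) still
    present in DATA. A non-empty result means a reference was split and missed."""
    for n in range(len(old), min_len - 1, -1):
        found = sorted({old[i:i + n] for i in range(len(old) - n + 1) if old[i:i + n] in data})
        if found:
            return [f.decode() for f in found]
    return []


def graft_outcomes() -> dict:
    """Run both strategies over three layouts of the same reference and report,
    per layout, whether the new hash ended up in the output and what the
    fragment check finds after the hash-anchored rewrite."""
    full = STORE_PREFIX + OLD_HASH + ITEM_NAME
    layouts = {
        "contiguous": full,
        "prefix_split": chunked(STORE_PREFIX, OLD_HASH + ITEM_NAME),
        "hash_split": chunked(STORE_PREFIX, OLD_HASH[:16], OLD_HASH[16:] + ITEM_NAME),
    }
    report = {}
    for name, data in layouts.items():
        by_path = rewrite_path(data, OLD_HASH, NEW_HASH)
        by_hash = rewrite_hash(data, OLD_HASH, NEW_HASH)
        report[name] = {
            "path_anchored": NEW_HASH in by_path,
            "hash_anchored": NEW_HASH in by_hash,
            "leftover_after_hash_graft": surviving_fragments(by_hash, OLD_HASH),
        }
    return report


if __name__ == "__main__":
    for layout, result in graft_outcomes().items():
        print(layout, result)
```

The contiguous layout is rewritten by both strategies; the prefix-split layout is rewritten only by the hash-anchored one, which is the case the message's question is about; the hash-split layout is rewritten by neither, and the fragment check is what makes that visible, so a rewritten file can be rejected instead of shipped with a dangling reference. The cost of matching on the bare hash is that an unrelated 32-byte run in the same alphabet would also be rewritten, which is why such a rewrite is better paired with a check like this than trusted on its own.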


debbugs.gnu.org maintainers <help-debbugs@gnu.org>. Last modified: Sun Dec 22 01:39:19 2024; Machine Name: wallace-server
