|
From: | Paul Eggert |
Subject: | Re: gnulib's build-to-host.m4 and its role in the recent xz backdoor |
Date: | Sat, 30 Mar 2024 11:46:16 -0600 |
User-agent: | Mozilla Thunderbird |
On 3/29/24 22:04, Eric Gallager wrote:
So, one thing I'm wondering, is if there's anything gnulib can add on its end to ensure that the macro actually does what it's supposed to do?
That wouldn't suffice, since the attacker can arrange for gl_BUILD_TO_HOST to do what it's actually supposed to do, along with doing something else (ant the "something else" is the attack).
[Prev in Thread] | Current Thread | [Next in Thread] |