Re: gnulib's build-to-host.m4 and its role in the recent xz backdoor

bug-gnulib

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: gnulib's build-to-host.m4 and its role in the recent xz backdoor

From:	Paul Eggert
Subject:	Re: gnulib's build-to-host.m4 and its role in the recent xz backdoor
Date:	Sat, 30 Mar 2024 11:46:16 -0600
User-agent:	Mozilla Thunderbird

On 3/29/24 22:04, Eric Gallager wrote:

So, one thing I'm wondering, is if there's anything gnulib can add on
its end to ensure that the macro actually does what it's supposed to
do?

That wouldn't suffice, since the attacker can arrange forgl_BUILD_TO_HOST to do what it's actually supposed to do, along withdoing something else (ant the "something else" is the attack).

[Prev in Thread]

Current Thread

[Next in Thread]

gnulib's build-to-host.m4 and its role in the recent xz backdoor, Eric Gallager, 2024/03/30
- Re: gnulib's build-to-host.m4 and its role in the recent xz backdoor, Paul Eggert <=
  - Re: gnulib's build-to-host.m4 and its role in the recent xz backdoor, Collin Funk, 2024/03/30
    - Re: gnulib's build-to-host.m4 and its role in the recent xz backdoor, Bruno Haible, 2024/03/30
- Re: gnulib's build-to-host.m4 and its role in the recent xz backdoor, Bruno Haible, 2024/03/30
  - Re: gnulib's build-to-host.m4 and its role in the recent xz backdoor, Eric Gallager, 2024/03/30
    - Re: testing build-to-host.m4, Bruno Haible, 2024/03/30

Prev by Date: Re: gnulib-tool.py: Display specified modules in bold.
Next by Date: Re: gnulib's build-to-host.m4 and its role in the recent xz backdoor
Previous by thread: gnulib's build-to-host.m4 and its role in the recent xz backdoor
Next by thread: Re: gnulib's build-to-host.m4 and its role in the recent xz backdoor
Index(es):
- Date
- Thread