From: Léo Le Bouter
To: Mark H Weaver, 47614@debbugs.gnu.org
Date: Tue, 06 Apr 2021 19:39:42 +0200
Subject: Re: bug#47614: [security] Chunked store references in .zo files in Racket 8
In-Reply-To: <87k0pf7jti.fsf@netris.org>

I think that probably replacing arbitrary paths in built binaries is a risky and maybe unreliable engineering choice and that mechanisms inside kernels should be preferred to give processes a different view of the file system (retaining the path but changing the contents of the folder). OTOH, what would be wrong with replacing hashes directly without expecting them to be next to anything else?

Léo