From: Daniel Axtens <dja@axtens.net>
To: Vladimir 'phcoder' Serbinenko, The development of GNU GRUB <grub-devel@gnu.org>
Subject: Re: [PATCH] Remove HFS support
Date: Fri, 02 Sep 2022 00:01:42 +1000
Message-ID: <87h71rnqgp.fsf@dja-thinkpad.axtens.net>
References: <20220819135755.vpfkmfyvysmdbzov@tomti.i.net-space.pl> <0F68F479-0EC8-4BF8-B21D-81B5FC725226@physik.fu-berlin.de> <871qtbowcj.fsf@dja-thinkpad.axtens.net> <181a0e9e-cf1c-a11f-e30f-2b14093462ad@physik.fu-berlin.de> <871qt3uo53.fsf@dja-thinkpad.axtens.net>

"Vladimir 'phcoder' Serbinenko" writes:

> On Fri, 26 Aug 2022, 15:47, Daniel Axtens wrote:
>
>> Let me answer this out of order.
>>
>> > I understand the need to sometimes get rid of old code, but since the HFS
>> > module can be blacklisted as Vladimir explains, I don't really understand
>> > the reasoning in this particular case.
>>
>> I want _all_ grub code to reach a minimum standard of not crashing or
>> corrupting memory in the presence of malicious input. HFS does not reach
>> that standard.
>>
> That is a very high standard. Products with a huge security team like
> Chrome don't reach this standard. It's reasonable that you submit the
> improvements. Also it's reasonable for you to blacklist code that gets in
> the way of security. E.g. all compressors that are not used should be
> blacklisted.

ext and fat file systems (and several other more obscure file systems) and
all our image parsers reach this standard, best as I can tell. As far as I
can tell the grub IPv4 networking stack does too, although I am not as
certain that my coverage was very thorough.

Several of us are actively working to get all of grub to this standard.
grub is a lot simpler than Chrome, so I am optimistic.

>> If you or someone else (someone from Gentoo, perhaps?) want to make it fuzz
>> clean, then that'd be great. If no-one is able to bring it up to what is
>> *not* an especially high standard, then it should be considered
>> abandoned by developers and therefore removed.
>>
> Show me the fuzzes that create problems and I'll improve the code

The following two files cause crashes on stock grub-fstest:

stack overflow (unbounded recursion):
files.intermittent.network/grub/hfs.stack-overflow

stack buffer overflow -> eventual segv:
files.intermittent.network/grub/hfs.stack-buffer-overflow

There is an additional set of files that cause crashes when grub is
compiled with ASAN:

files.intermittent.network/grub/hfs.tar.xz (18MB, 210MB uncompressed)

There are 222 files. The corpus is not de-duplicated (there are not 222
unique bugs) and includes the two files called out above, plus some other
different heap buffer overflows.

I compile grub with ASAN using:

ASAN_OPTIONS=detect_leaks=0 make CFLAGS="-fsanitize=address" -j8

Modern gcc works fine. grub-emu will fail to link, but grub-fstest should
build fine.

In all cases, the crashes reproduce with:

./grub-fstest ls '(loop0)/'

Good luck, the stack-overflow one in particular looks especially painful.

I will leave your other points for others to address.

Kind regards,
Daniel
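The mail describes a 222-file crash corpus that is not de-duplicated, an ASAN build of grub-fstest, and a single reproduction command per file. The script below is an added example of how a maintainer might triage such a corpus; it is not part of the mail or of the GRUB project. It assumes the reproduction takes the shape `grub-fstest IMAGE ls '(loop0)/'` (the image path argument that grub-fstest expects before its commands) and that ASAN writes its report to stderr. The sample reports it ships with are constructed, and `hypothetical_hfs_fn` is a made-up frame name, not a real GRUB function. Crashes are bucketed by ASAN error kind plus the first non-sanitizer frame, so duplicates collapse onto one key; plain signal deaths (the stack overflow on a stock build) and hangs get their own keys.

```python
#!/usr/bin/env python3
"""Run a fuzz corpus through an ASAN build of grub-fstest and bucket the
crashes so that many files collapse into a short list of distinct bugs.

Added example, not GRUB project code. Assumes the invocation
'grub-fstest IMAGE ls (loop0)/' and that ASAN reports land on stderr."""
import os
import re
import subprocess
import sys
from collections import defaultdict

# First line of an ASAN report, e.g.
# "==4242==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffd..."
ASAN_ERROR_RE = re.compile(r"==\d+==ERROR: AddressSanitizer: ([A-Za-z0-9_-]+)")
# One stack frame line, e.g. "    #1 0x5c3d4e in some_fn ../grub-core/fs/hfs.c:123"
FRAME_RE = re.compile(r"^\s*#\d+\s+0x[0-9a-fA-F]+\s+in\s+(\S+)")
# Frames that belong to the sanitizer runtime rather than to grub; skipped
# when choosing the frame that identifies the bug.
RUNTIME_PREFIXES = ("__asan", "__interceptor", "___interceptor", "__sanitizer")


def classify_asan_report(stderr):
    """Return (error_kind, first_non_runtime_frame) or None if no ASAN report."""
    m = ASAN_ERROR_RE.search(stderr)
    if m is None:
        return None
    for line in stderr.splitlines():
        fm = FRAME_RE.match(line)
        if fm and not fm.group(1).startswith(RUNTIME_PREFIXES):
            return m.group(1), fm.group(1)
    return m.group(1), "<no-frame>"


def crash_bucket(returncode, stderr):
    """Map one run's outcome to a dedup key; None means the run was clean."""
    if returncode is None:          # run_corpus() uses None for a timeout
        return "timeout"
    asan = classify_asan_report(stderr)
    if asan is not None:
        return "%s@%s" % asan
    if returncode < 0:              # killed by a signal, e.g. SIGSEGV on a stock build
        return "signal%d" % -returncode
    return None


def bucket_results(results):
    """Group (filename, returncode, stderr) triples by crash bucket, dropping clean runs."""
    buckets = defaultdict(list)
    for name, rc, err in results:
        key = crash_bucket(rc, err)
        if key is not None:
            buckets[key].append(name)
    return dict(buckets)


def run_corpus(fstest, corpus_dir, timeout=30):
    """Run grub-fstest on every file in corpus_dir and collect (name, rc, stderr)."""
    results = []
    for name in sorted(os.listdir(corpus_dir)):
        image = os.path.join(corpus_dir, name)
        try:
            proc = subprocess.run([fstest, image, "ls", "(loop0)/"],
                                  capture_output=True, text=True, timeout=timeout)
            results.append((name, proc.returncode, proc.stderr))
        except subprocess.TimeoutExpired:
            results.append((name, None, ""))
    return results


# Constructed sample reports (not real grub output) so the bucketing runs offline.
SAMPLE_ASAN_SBO = (
    "==4242==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffd1234\n"
    "WRITE of size 64 at 0x7ffd1234 thread T0\n"
    "    #0 0x4a1b2c in __asan_memcpy (/tmp/grub-fstest+0x4a1b2c)\n"
    "    #1 0x5c3d4e in hypothetical_hfs_fn ../grub-core/fs/hfs.c:123\n"
    "    #2 0x5c3d4e in grub_fs_probe ../grub-core/kern/fs.c:77\n"
)
SAMPLE_ASAN_HBO = (
    "==4243==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200000eff0\n"
    "READ of size 2 at 0x60200000eff0 thread T0\n"
    "    #0 0x5c4f60 in hypothetical_hfs_fn ../grub-core/fs/hfs.c:140\n"
)


def demo_results():
    """Constructed outcomes standing in for a real run_corpus() call."""
    return [
        ("img-001", 1, SAMPLE_ASAN_SBO),
        ("img-002", 1, SAMPLE_ASAN_SBO),   # same bug as img-001
        ("img-003", 1, SAMPLE_ASAN_HBO),
        ("img-004", -11, ""),              # SIGSEGV without an ASAN report
        ("img-005", 0, ""),                # clean run
        ("img-006", None, ""),             # timed out
    ]


if __name__ == "__main__":
    if len(sys.argv) == 3:
        buckets = bucket_results(run_corpus(sys.argv[1], sys.argv[2]))
    else:
        buckets = bucket_results(demo_results())
    for key, names in sorted(buckets.items(), key=lambda kv: -len(kv[1])):
        print("%4d  %-50s e.g. %s" % (len(names), key, names[0]))
```

Invoked as `triage.py ./grub-fstest ./corpus` it prints one line per bucket with the count and a representative file; with no arguments it runs over the constructed samples. The first non-runtime frame is a coarse key (two different bugs in one function share a bucket), so each bucket still needs a look at its representative file, but it cuts the corpus down to the handful of reports worth reading.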