[PATCH] D70326: [docs] LLVM Security Group and Process
JF Bastien via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Wed Jan 8 10:30:53 PST 2020
jfb added a comment.
In D70326#1809735 <https://reviews.llvm.org/D70326#1809735>, @theraven wrote:
> We (Microsoft) are interested in participating in this process.
Thanks David.
> I have one concern, which is that most of the security issues arising from LLVM are not necessarily security issues in LLVM itself. For example, a miscompilation that breaks invariants that a sandboxing technique depends on will appear to most LLVM developers as a simple miscompilation and may be a security issue only for downstream consumers. Presumably this group should be involved if the issue may apply to multiple downstream consumers?
>
> Where do things like the null-check elision that caught Linux fall? This was a Linux dependence on undefined behaviour that caused compilers to emit code that introduced security vulnerabilities into Linux. Is that in scope for this group, or would we regard that as a Linux vulnerability independent of LLVM? What about, for example, a change to if-conversion that introduces branches in C code believed to be constant time and introduces vulnerabilities in crypto libraries, is that in scope?
>
> I don't think that we can characterize security issues based on where in the code they exist, but rather based on the kinds of behaviour that they trigger and we need to provide very clear advice on what that should be.
I absolutely agree! This complexity is why I'm not trying to decide what's in / out right now, and would rather have that process occur as follow-up RFCs (with updates to this document explaining what's in / out and why). Folks were expressing similar worries on the mailing list.
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D70326/new/
https://reviews.llvm.org/D70326
More information about the llvm-commits
mailing list