gnu-misc-discuss

From: Jacob Bachmeyer
Subject: Risks of deterministic builds (was: Re: Truth matters when writing software and selecting leaders)
Date: Mon, 05 Apr 2021 21:38:36 -0500
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.22) Gecko/20090807 MultiZilla/1.8.3.4e SeaMonkey/1.1.17 Mnenhy/0.7.6.0

Martin wrote:
> On 4/4/21 11:38 PM, Jacob Bachmeyer wrote:
>> Martin wrote:
>>> In a perfect world, if everything is reproducible then all the compilations are deterministic. It means that for a given environment your source code will always produce the same binaries. Briefly, the DDC method is using a mix of different environments in order to analyze the binary patterns of the same source code.
>>
>> The downside of this is that we are right back to a binary monoculture, and an exploit that works on one machine would be trivially guaranteed to work everywhere. We really need some kind of controlled randomization that allows provably equivalent executables to be produced, but such that exploits relying on hardcoded offsets will only work on a limited subset.
>
> I don't understand what you mean by "binary monoculture" in this context, can you elaborate more about it pls?

Exploits are easier to develop when hardcoded offsets, virtual addresses, etc. can be used. In a "binary monoculture" environment, that is possible. This contributes to and worsens security problems in proprietary software, which is almost always distributed as a single identical set of binaries.

Reproducible builds are useful for validating the compiler, but there is a potential downside in that they make any exploit that can be found in the reproducibly built program much more reliable, since everyone will have exactly identical binaries. Note that this is an identical risk with binary distributions: if you simply install the binaries from Debian, an exploit can be tuned to Debian's version of that binary and it will work on your machine.


-- Jacob
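
The trade-off discussed in this message, as an added sketch that is not part of the original post or of any GNU tool: function order is shuffled from a published seed, so each variant can still be rebuilt and verified by anyone who knows the seed, while offsets differ between variants. The function table, seed strings and helper names are constructed for illustration, and the model covers layout only, not real code generation.

```python
import hashlib
import random

# Constructed sample: (function name, size in bytes) of a hypothetical program.
FUNCTIONS = [("main", 96), ("parse_args", 208), ("read_input", 144),
             ("handle_request", 320), ("log_event", 64), ("cleanup", 48)]


def layout(functions, seed):
    """Map each function name to its offset; the order depends only on `seed`."""
    digest = hashlib.sha256(seed.encode()).digest()
    rng = random.Random(int.from_bytes(digest, "big"))
    order = sorted(functions)  # canonical order before shuffling
    rng.shuffle(order)
    offsets, cursor = {}, 0
    for name, size in order:
        offsets[name] = cursor
        cursor += size
    return offsets


def fingerprint(offsets):
    """Digest of a layout, for comparing independent rebuilds of one variant."""
    text = ";".join(f"{name}@{off}" for name, off in sorted(offsets.items()))
    return hashlib.sha256(text.encode()).hexdigest()


def shared_offset_fraction(functions, name, reference_seed, seeds):
    """Fraction of `seeds` that place `name` at the reference variant's offset."""
    wanted = layout(functions, reference_seed)[name]
    hits = sum(1 for s in seeds if layout(functions, s)[name] == wanted)
    return hits / len(seeds)


if __name__ == "__main__":
    seeds = [f"install-{i}" for i in range(200)]  # constructed per-install seeds
    # Two rebuilds of the same variant agree, so the variant stays verifiable.
    print(fingerprint(layout(FUNCTIONS, seeds[0])) ==
          fingerprint(layout(FUNCTIONS, seeds[0])))
    # Monoculture: one seed for everyone, so every install shares the offset.
    print(shared_offset_fraction(FUNCTIONS, "handle_request", seeds[0],
                                 [seeds[0]] * 200))
    # Diversified: only a subset of installs shares the reference offset.
    print(shared_offset_fraction(FUNCTIONS, "handle_request", seeds[0], seeds))
```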


