[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Building packages with exact binary matches

On Wed, 26 Sep 2007 12:31:51 +0200, Martin Uecker <muecker@gmx.de> said: 

> On Wed, Sep 26, 2007 at 12:25:02AM -0500, Manoj Srivastava wrote:

>> Just because you have _heard_ anyone diss special relativity being
>> the sole reason to believe in it is in the same ball park as
>> blissful, you know, ignorance.

> It is not about hearsay. It is about finding an error in a
> predictation.  And I do not care *who* finds the error. Of course the
> predications have actually be checked. So you are right with your
> argument, if nobody actually does this, it would be ignorant to
> believe in a scientifc theory for the sole reason that nobody
> complains. Similar, if nobody recompiles the packages and checks for
> mismatches, then silence would in fact not imply that things are
> ok. But I question your premise: I have no doubt that some people
> would actually recompile packages and compare the hash. Even if it is
> not done normally, somebody would do this if doubts come up for some
> reason (e.g. some debian hosts are compromised again.).  This alone
> would actually be worth a lot.

        But recompiling from what? If you do not get the exact same
 source, you have no hope of getting the same result.  And the way
 things work, the chances are that if the binary is tainted, the source
 would be tainted -- and you have got nowhere.

>> The difference is evidence.  If there is some merit to the notion
>> that a buildd is compromised, the solution is not bunches of people
>> building from potentially tainted sources and comparing checksums.

> If know that the source code wich has hash 4457575757575 compiled in
> the build environment with hash 4837373737 gives a package with hash
> 366336363, then it is actually *evidence* that something is seriously
> wrong if you end up with a package with a different hash.

        So, someone replaces the binary compiled on the buildd with a
 fake one, in between the binary being built and it being signed?  All
 the work to get bit-for-bit reproducibility for such a low priority
 attack vector?

        manoj

-- 
"VMS is a text-only adventure game. If you win you can use Unix." Bill
Davidsen (davidsen@crdos1.crd.GE.COM)
Manoj Srivastava <srivasta@debian.org> <http://www.debian.org/~srivasta/>
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C
Reply to: