On 4/4/21 11:38 PM, Jacob Bachmeyer wrote:
> Martin wrote:
>> In a perfect world, if everything is reproducible, then all the
>> compilations are deterministic. It means that for a given environment
>> your source code will always produce the same binaries. Briefly, the DDC
>> method is using a mix of different environments in order to analyze the
>> binary patterns of the same source code.
> The downside of this is that we are right back to a binary
> monoculture, and an exploit that works on one machine would be
> trivially guaranteed to work everywhere. We really need some kind of
> controlled randomization that allows provably equivalent executables
> to be produced, but such that exploits relying on hardcoded offsets
> will only work on a limited subset.

I don't understand what you mean by "binary monoculture" in this context;
can you elaborate more about it, please? Besides, reproducible-builds is not
designed to solve all types of exploits. It's just hardening dev
environment requirements to face the trusting trust issue
https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_ReflectionsonTrustingTrust.pdf
. In general it doesn't make sense to do any "free software"
development if you cannot trust your compiler. You cannot trust your
source code if it produces different binaries in the same dev
environment. This is the basics, and once it's established, then you can
play with any "controlled randomization" ideas on top of it.
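As an added illustration of the reproducibility requirement discussed in this thread (this is not code from the thread, from reproducible-builds.org, or from the DDC paper): the check below builds the same source under several build environments and compares artifact digests. The "compiler" is a stand-in that packages the source tree into a zip archive, since the point is the check rather than code generation; the sample source files, host names, clocks and build paths are all constructed for the example. The naive builder embeds wall-clock time and the absolute build path, which is the usual reason real builds differ between hosts; the pinned builder takes its timestamp from SOURCE_DATE_EPOCH and sorts its inputs. Only the second one passes the check.

```python
"""Reproducible-build check: build one source tree under several
environments and require that every build yields the same bytes.

Example code added to this discussion; not from any project named in it.
The build functions are stand-ins for a compiler: they emit a zip of the
source tree, because the interesting part is the comparison, not codegen.
"""
import hashlib
import io
import time
import zipfile

# Constructed sample source tree.
SOURCE = {
    "main.c": b"int main(void) { return 0; }\n",
    "util.c": b"int helper(int x) { return x + 1; }\n",
}

# Constructed build environments.  Each hypothetical host has its own clock
# and checkout path; SOURCE_DATE_EPOCH is identical on both because it is
# derived from the source (e.g. the last commit date), not from the host.
ENVS = {
    "alice-laptop": {
        "clock": lambda: 1700000000.0,
        "build_dir": "/home/alice/src/project",
        "SOURCE_DATE_EPOCH": "1600000000",
    },
    "ci-runner": {
        "clock": lambda: 1700086400.0,
        "build_dir": "/build/job-42/project",
        "SOURCE_DATE_EPOCH": "1600000000",
    },
}


def _zip(entries, date_time):
    """Write (name, bytes) entries to an in-memory zip with fixed metadata."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries:
            info = zipfile.ZipInfo(name, date_time=date_time)
            info.compress_type = zipfile.ZIP_DEFLATED
            info.external_attr = 0o644 << 16  # fixed mode, not the host umask
            zf.writestr(info, data)
    return buf.getvalue()


def build_naive(source, env):
    """Typical unreproducible build: bakes in the wall clock (think
    __DATE__/__TIME__) and the absolute build path (think __FILE__)."""
    now = env["clock"]()
    entries = [(f"{env['build_dir']}/{name}", data) for name, data in source.items()]
    entries.append(("BUILDINFO", f"built {now} in {env['build_dir']}\n".encode()))
    return _zip(entries, time.localtime(now)[:6])


def build_reproducible(source, env):
    """Same inputs, with every host-dependent value pinned: timestamp from
    SOURCE_DATE_EPOCH, paths relative to the source root, sorted entries."""
    epoch = int(env["SOURCE_DATE_EPOCH"])
    entries = sorted(source.items())
    entries.append(("BUILDINFO", f"source-date-epoch {epoch}\n".encode()))
    return _zip(entries, time.gmtime(epoch)[:6])


def digest(blob):
    return hashlib.sha256(blob).hexdigest()


def check_reproducible(builder, source, envs):
    """Build under each environment and compare.  Returns (ok, digests):
    ok is True only if every environment produced byte-identical output,
    which is the property the thread's definition of reproducibility asks for."""
    digests = {name: digest(builder(source, env)) for name, env in envs.items()}
    return len(set(digests.values())) == 1, digests


if __name__ == "__main__":
    for label, builder in (("naive", build_naive), ("pinned", build_reproducible)):
        ok, digests = check_reproducible(builder, SOURCE, ENVS)
        print(f"{label}: {'REPRODUCIBLE' if ok else 'DIFFERS'}")
        for host, d in digests.items():
            print(f"  {host:14s} {d[:16]}...")
```

In practice the builders would be real toolchain invocations and the environments real hosts or containers; the comparison step is the same, and any difference should be inspected (diffoscope is the usual tool) until its cause is pinned down, not waved off.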