oss-sec mailing list archives
Re: Reproducible Builds for Fedora
From: Solar Designer <solar () openwall com>
Date: Wed, 25 Sep 2013 18:55:48 +0400
Dhiru, all -

I did not review the code, so my reply is based on Sebastian's message only:

On Wed, Sep 25, 2013 at 10:08:01AM +0200, Sebastian Krahmer wrote:
> base=`basename $f`
> objdump -d rpm1/$f | grep -v $base > dump1
> objdump -d rpm2/$f | grep -v $base > dump2
> diff -u dump1 dump2 > /dev/null
> if [ $? -ne 0 ] ; then
>         echo "File disassembly differs $f"
>         cnt=`expr $cnt + 1`
> fi
> [...]
> for ELF files and doing a sha256sum for other file types.
>
> My concern is that attackers could construct a package that contains
> function names that match the basename of the binary that you are
> checking. The "grep -v" will remove that, leaving a clean compare for
> injected code like 'call $base' etc. That would leave a wrong feeling
> about equal binaries.
Ensuring that "objdump -d" has stayed the same between a known-good and another build of a binary is not sufficient to tell that the new build is not trojaned. Changes to other sections (e.g., to embedded data that the program uses or/and to relocations) or/and to the ELF header may be sufficient to introduce meaningful backdoors.

Recent research:

https://www.usenix.org/conference/woot13/weird-machines-elf-spotlight-underappreciated-metadata

"Our proof-of-concept toolkit highlights how important it is that defenders expand their focus beyond the code and data sections of untrusted binaries"

[ Dhiru, weren't you there in person? ;-) ]

December 2006 paper saying that a related technique has "been used in the virus world many years prior to this paper":

http://uninformed.org/?v=6&a=3&t=sumry

Besides ELF being Turing-complete on its own, the ELF header may contain native executable code too:

http://www.muppetlabs.com/~breadbox/software/tiny/teensy.html

Alexander
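Both points in the exchange above (a disassembly-only diff can be fooled, and data sections, relocations and the ELF header can carry a backdoor on their own) can be turned into a concrete check. The following is an added example and not code from the thread or from Fedora's tooling: a small Python script with its own minimal ELF64 reader (an assumption that it is sufficient for the constructed samples; it is not a full ELF implementation and handles only little-endian ELF64 with a section header table) that hashes every section by name plus the header fields and program headers, builds three constructed sample images with identical code, and shows that a .text-only comparison, the equivalent of diffing `objdump -d` output, calls them equal while the whole-image comparison flags the changed data string and the moved entry point.

```python
import hashlib
import struct

# Elf64_Ehdr (64 bytes): e_ident[16], e_type, e_machine, e_version, e_entry,
# e_phoff, e_shoff, e_flags, e_ehsize, e_phentsize, e_phnum, e_shentsize,
# e_shnum, e_shstrndx
EHDR = struct.Struct("<16sHHIQQQIHHHHHH")
# Elf64_Shdr (64 bytes): sh_name, sh_type, sh_flags, sh_addr, sh_offset,
# sh_size, sh_link, sh_info, sh_addralign, sh_entsize
SHDR = struct.Struct("<IIQQQQIIQQ")
SHT_NULL, SHT_PROGBITS, SHT_STRTAB, SHT_NOBITS = 0, 1, 3, 8


def parse_elf64(blob):
    """Digest every header field and every section of a little-endian ELF64 image."""
    if blob[:4] != b"\x7fELF" or blob[4] != 2 or blob[5] != 1:
        raise ValueError("not a little-endian ELF64 image")
    (_, e_type, e_machine, _, e_entry, e_phoff, e_shoff, e_flags, _,
     e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx) = EHDR.unpack_from(blob)
    shdrs = [SHDR.unpack_from(blob, e_shoff + i * e_shentsize) for i in range(e_shnum)]
    strtab_off, strtab_size = shdrs[e_shstrndx][4], shdrs[e_shstrndx][5]
    strtab = blob[strtab_off:strtab_off + strtab_size]
    sections = {}
    for sh_name, sh_type, sh_flags, sh_addr, sh_off, sh_size, *_ in shdrs:
        if sh_type == SHT_NULL:
            continue
        name = strtab[sh_name:strtab.index(b"\0", sh_name)].decode()
        # SHT_NOBITS (.bss) occupies no file bytes; every other section is hashed as stored,
        # so .data, .rela.*, .dynamic etc. are all covered, not just the code.
        body = b"" if sh_type == SHT_NOBITS else blob[sh_off:sh_off + sh_size]
        sections[name] = {"type": sh_type, "flags": sh_flags, "addr": sh_addr,
                          "sha256": hashlib.sha256(body).hexdigest()}
    phdrs = blob[e_phoff:e_phoff + e_phnum * e_phentsize]
    header = {"e_type": e_type, "e_machine": e_machine, "e_entry": e_entry,
              "e_flags": e_flags, "e_phnum": e_phnum,
              "phdr_sha256": hashlib.sha256(phdrs).hexdigest()}
    return header, sections


def compare_elf64(blob_a, blob_b):
    """List every header field or section that differs; an empty list means none found."""
    hdr_a, sec_a = parse_elf64(blob_a)
    hdr_b, sec_b = parse_elf64(blob_b)
    diffs = [f"header {k}: {hdr_a[k]!r} != {hdr_b[k]!r}" for k in hdr_a if hdr_a[k] != hdr_b[k]]
    for name in sorted(set(sec_a) | set(sec_b)):
        if name not in sec_a or name not in sec_b:
            diffs.append(f"section {name}: present in only one image")
            continue
        diffs += [f"section {name} {k} differs" for k in ("type", "flags", "addr", "sha256")
                  if sec_a[name][k] != sec_b[name][k]]
    return diffs


def text_only_equal(blob_a, blob_b):
    """The weaker check discussed in the thread: compare only the code section."""
    return parse_elf64(blob_a)[1][".text"]["sha256"] == parse_elf64(blob_b)[1][".text"]["sha256"]


def build_elf64(text, data, entry=0x401000):
    """Constructed sample: a minimal, non-loadable ELF64 with .text, .data, .shstrtab and no program headers."""
    shstrtab = b"\0.text\0.data\0.shstrtab\0"          # name offsets: 1, 7, 13
    text_off = EHDR.size
    data_off = text_off + len(text)
    shstr_off = data_off + len(data)
    pad = (-(shstr_off + len(shstrtab))) % 8            # section header table is 8-byte aligned
    shoff = shstr_off + len(shstrtab) + pad
    shdrs = SHDR.pack(*([0] * 10))                      # mandatory SHT_NULL entry
    shdrs += SHDR.pack(1, SHT_PROGBITS, 0x6, 0x401000, text_off, len(text), 0, 0, 16, 0)  # AX
    shdrs += SHDR.pack(7, SHT_PROGBITS, 0x3, 0x402000, data_off, len(data), 0, 0, 8, 0)   # WA
    shdrs += SHDR.pack(13, SHT_STRTAB, 0, 0, shstr_off, len(shstrtab), 0, 0, 1, 0)
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)  # ELF64, little-endian, version 1, SYSV ABI
    ehdr = EHDR.pack(ident, 2, 0x3E, 1, entry, 0, shoff, 0, EHDR.size, 0, 0, SHDR.size, 4, 3)
    return ehdr + text + data + shstrtab + bytes(pad) + shdrs


# Constructed inputs: the same code bytes in all three images; one has a changed
# configuration path in .data, one has its entry point moved by four bytes.
CODE = b"\x48\x31\xc0\xc3"                  # xor eax, eax ; ret
GOOD = build_elf64(CODE, b"/etc/app.conf\0")
DATA_SWAPPED = build_elf64(CODE, b"/tmp/app.conf\0")
ENTRY_MOVED = build_elf64(CODE, b"/etc/app.conf\0", entry=0x401004)

if __name__ == "__main__":
    for label, other in (("data swapped", DATA_SWAPPED), ("entry moved", ENTRY_MOVED)):
        print(f"{label}: text-only check says equal={text_only_equal(GOOD, other)}; "
              f"full check reports {compare_elf64(GOOD, other)}")
```

On a real package the same idea applies to every file, not just the ones `objdump -d` understands: hash each section and header field and report any difference, rather than filtering lines out of the disassembly before comparing.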