-
Not Synced
Next talk
-
Not Synced
Chris and Holger are going to talk to us again
-
Not Synced
about reproducible builds and tell us
where they're up to.
-
Not Synced
Thanks very much
-
Not Synced
The outline of this talk is from last year
we realised there were a lot of questions.
-
Not Synced
The rough plan is to quickly go over
what reproducible builds are
-
Not Synced
I guess everyone is up to speed
-
Not Synced
but getting everyone on the same page
would be a good idea.
-
Not Synced
Then Holger's going to jump in
and give the status update
-
Not Synced
and then we're going to talk about
future work, questions etc
-
Not Synced
What is the actual problem we're
solving here?
-
Not Synced
You can always inspect the source code of
free software for malicious flaws
-
Not Synced
or just flaws as well.
-
Not Synced
Unfortunately distributions provide
precompiled binaries to end users.
-
Not Synced
So can you actually trust this
compilation process has not
-
Not Synced
introduced flaws of its own?
-
Not Synced
The problem is it seems very effective if
you want to go after end users
-
Not Synced
you can go after developers.
Because if you go infect a developers
-
Not Synced
machine you will then infect all the
users of the software they generate.
-
Not Synced
Financial incentives. There always were
but they are even more so these days
-
Not Synced
with mobile phone etc.
-
Not Synced
You can also have very subtle flaws.
This one in particular there was a
-
Not Synced
root exploit in OpenSSH just by changing
a compare equal.
-
Not Synced
That sort of assembler jump thing and it
gives you root
-
Not Synced
but with only a single bit difference in
the binary.
-
Not Synced
Which is not to shabby.
-
Not Synced
Then you have all sorts of cute demos
where you load up the source code in VIM
-
Not Synced
and it just looks like 'Hello world' but
when you compile it with GCC
-
Not Synced
your kernel rootkit just goes 'oh I'm
going to give you a different file'
-
Not Synced
and self replicates of them like that.
-
Not Synced
Difficult to trust the process.
-
Not Synced
And there's some recent history as well
around Xcodeghost and iOS
-
Not Synced
and adverts and things like that.
-
Not Synced
You can Google those things.
Really scary stuff.
-
Not Synced
The last example is actually coming from
a CIA design paper from 2012.
-
Not Synced
Which was then found in the wild in 2014.
So these exploits are actually happening.
-
Not Synced
People are targeting developers to get
users.
-
Not Synced
Xcodeghost had 20 milllion user
installations.
-
Not Synced
It was probably not the CIA or NSA but
we don't know who it was.
-
Not Synced
There are many people who do these
exploits in the wild.
-
Not Synced
Yeah it's not just 'Here's this cute
thing we can talk about'.
-
Not Synced
It's actually happening.
-
Not Synced
The motivation is to ensure no flaws are
introduced during the build process.
-
Not Synced
We do this by ensuring the build always
produces identical results.
-
Not Synced
Then multiple parties do the same thing.
-
Not Synced
I build it, you build it, your friends
build it etc
-
Not Synced
An an attacker would need to infect
everyone simultaneously
-
Not Synced
otherwise they'd be detected.
For example if my machine was compromised
-
Not Synced
I would suddenly come up with a
different result.
-
Not Synced
I would come up with different binaries.
-
Not Synced
And you'd be 'what's going on here' and
eventually we would discover
-
Not Synced
that my machine was rootkitted etc.
-
Not Synced
You probably know it but identically
means bit by bit identical.
-
Not Synced
As that is really the same.
-
Not Synced
Yeah, bit, SHA, MD5 whatever you want.
-
Not Synced
There are a bunch of challenges here.
The biggest one is timestamps.
-
Not Synced
A lot of software just loves to include timestamps everywhere
Debconf
