"Schech, C. W. (\"Connor\")" <sch...@gmail.com> wrote:

> I want to avoid derailing into trusting trust or designing a system
> from scratch. The official build not being portable and the recursion
> it introduces is orthogonal to system integrity. Adding, say, official
> distcc support, and bringing back, say, GCC, avoids that recursion. I am
> concerned with simple system integrity aspects and cross-build
> contamination. SLS3 is the current buzzword framework for that, with
> up-to-date terminology, if you think that adding checksums to objects
> that are signed is just something I dreamt up that no one is thinking
> or has thought about. I don't have money to pay a consulting firm to
> develop a POSIX build script for me that I can run on a junk HP-UX
> workstation and be "totally assured".

We have signed checksums on the entire install.  There is no need to
revalidate them.

If some attacker is going to attack the relink kit, they are going to
attack the other 99.9% of the files also.  Actually they are more likely
to attack the other 99.9% of files because it is easier and more
effective.  You are afraid of 2nd and 3rd order problems.

Solving that one little narrow problem of sha256 on .o files in a
directory is not a step in the same direction as the buzzword salad
above.


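An added example, not code from this thread or from any project's build system: a POSIX shell manifest check over the .o files in a directory, the "narrow problem" the reply describes. It assumes a sha256sum, sha256 or shasum binary is on PATH; signing the manifest itself is left to whatever tool the install already uses, which the thread does not name. The sample kit directory and its contents are constructed inline.

```shell
#!/bin/sh
# Added example (not from the thread): build a SHA256 manifest of the .o files
# under a directory and later verify that directory against it, reporting
# modified, missing and unlisted objects. Signing the manifest is out of scope.

# Pick a SHA-256 tool (assumption: sha256sum on GNU, sha256 on BSD, shasum elsewhere).
sha256_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    elif command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Print "hash  ./relative/path.o" for every .o under $1, sorted for stable diffs.
make_manifest() {
    ( cd "$1" && find . -type f -name '*.o' | sort | while read -r f; do
        printf '%s  %s\n' "$(sha256_file "$f")" "$f"
    done )
}

# Verify directory $1 against manifest $2. Prints one line per problem and
# returns 1 if anything differs, 0 if the directory matches the manifest exactly.
verify_manifest() {
    dir=$1; manifest=$2; rc=0
    while read -r want path; do
        if [ ! -f "$dir/$path" ]; then
            echo "MISSING  $path"; rc=1; continue
        fi
        got=$(sha256_file "$dir/$path")
        [ "$got" = "$want" ] || { echo "MODIFIED $path"; rc=1; }
    done < "$manifest"
    # Objects present on disk but absent from the manifest are a contamination
    # signal too (a stray .o from another build would be linked in silently).
    listed=$(awk '{print $2}' "$manifest")
    present=$(cd "$dir" && find . -type f -name '*.o' | sort)
    for f in $present; do
        printf '%s\n' "$listed" | grep -qxF "$f" || { echo "UNLISTED $f"; rc=1; }
    done
    return $rc
}

# Constructed demo: a two-object "kit", a clean check, then tamper and re-check.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/kit"
    printf 'object one\n' > "$tmp/kit/a.o"
    printf 'object two\n' > "$tmp/kit/b.o"
    make_manifest "$tmp/kit" > "$tmp/SHA256"
    verify_manifest "$tmp/kit" "$tmp/SHA256" >/dev/null && echo "clean kit: OK"
    printf 'patched\n' >> "$tmp/kit/b.o"        # modify one object
    : > "$tmp/kit/c.o"                           # drop in an unlisted object
    verify_manifest "$tmp/kit" "$tmp/SHA256" || echo "tampered kit: FAIL (expected)"
    rm -rf "$tmp"
}

demo
```

The manifest lines use the same "hash  path" shape that sha256sum -c and the BSD sha256 -c understand, so the listing can be handed to those tools unchanged; the only thing this script adds over them is the unlisted-file check.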