John Franklin <frank...@tux.org> wrote:

> Note, I say, “possible”, not guaranteed or anything like that. Signing
> doesn’t prevent malware from getting in to the system. If the build system
> is compromised, as was the case recently with CCleaner, the malware gets
> signed.

There was a much earlier example - though not in the wild.

My memory of the details is vague, but there's been a project (part of Debian?) to "prove" that a binary was created from a given source - not trivial since slight differences in environment and compiler optimisations mean that simply compiling the source won't always create an identical binary.

Many years ago there was a demonstration of how to build a backdoor into the "login" binary. It involved changing the C compiler to detect when it is compiling "login" and automatically add the code for the backdoor. The user can inspect the code and find nothing wrong, but silently the binary has been compromised by a compromised build tool. Without the means to prove that a binary is in fact the result of compiling specific code, there's no practical way to detect such a compromise.

So yes, to be able to trust anything, you have to be able to trust every component of the system - and the tools used to build them.

_______________________________________________
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
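
An added illustration of the point above about proving that a binary came from given source (not part of the original message): a packaging step stands in for the compiler, showing why environment differences break a naive rebuild comparison and how pinning them lets an independent rebuild expose an altered artifact. The function names, sample files and the `SOURCE_DATE_EPOCH` value are assumptions made for this example.

```python
import hashlib
import io
import tarfile

# Constructed sample source tree (not from the original message).
SOURCES = {"login.c": b"int main(void){return 0;}\n", "Makefile": b"all: login\n"}
SOURCE_DATE_EPOCH = 1500000000  # fixed timestamp every builder agrees on


def build(sources, clock, user, reproducible):
    """Stand-in for a compile step: pack the sources into one artifact."""
    names = sorted(sources) if reproducible else list(sources)
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for name in names:
            info = tarfile.TarInfo(name)
            info.size = len(sources[name])
            # Build time and build user leak into the output unless pinned.
            info.mtime = SOURCE_DATE_EPOCH if reproducible else clock
            info.uname = "" if reproducible else user
            tar.addfile(info, io.BytesIO(sources[name]))
    return buf.getvalue()


def digest(artifact):
    return hashlib.sha256(artifact).hexdigest()


def verify(published, sources, clock, user, reproducible=True):
    """Rebuild independently; True only on a bit-for-bit identical artifact."""
    return digest(build(sources, clock, user, reproducible)) == digest(published)


def compromised_build(sources, clock, user):
    """Build host that silently alters login.c before building (benign marker)."""
    altered = {**sources, "login.c": sources["login.c"] + b"/* altered */\n"}
    return build(altered, clock, user, reproducible=True)


if __name__ == "__main__":
    honest_noisy = build(SOURCES, 100, "alice", reproducible=False)
    honest_pinned = build(SOURCES, 100, "alice", reproducible=True)
    # The verifier rebuilds later, as another user, on another machine.
    print("naive rebuild matches:     ", verify(honest_noisy, SOURCES, 200, "bob", False))
    print("pinned rebuild matches:    ", verify(honest_pinned, SOURCES, 200, "bob"))
    print("altered artifact matches:  ", verify(compromised_build(SOURCES, 100, "alice"), SOURCES, 200, "bob"))
```

The rebuild only exposes the alteration if the verifier's own toolchain is not compromised in the same way, which is the situation the "login" compiler demonstration describes.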