Verifying the source code for binaries
Posted Jun 27, 2013 14:14 UTC (Thu) by david.a.wheeler (subscriber, #72896)
In reply to: Verifying the source code for binaries by paulj
Parent article: Verifying the source code for binaries
"A completely unknown compiler can easily be attacked. You do not need to know the internals of the compiler, you just need a well-known 'hook' to run your malign code. Such hooks can include well-known function calls, various features of ELF, etc." - I mostly disagree.
You're right that there are ways to attack completely unknown compilers. A very few techniques are easier (though I think few would agree that they're really easy). But most of these kinds of attacks are, well, really hard. Attacks are generally quite sensitive to what's being attacked; it's hard to write a program when you don't know exactly what it's supposed to do. For example, why do you assume that the generated code is ELF?!? Many trivial compilers generate their own bytecode, and you then run the bytecode interpreter... making many kinds of embedding (like ELF embedding) quite useless. Even if it generates ELF, that doesn't mean you know where to hook it; you'd be surprised what varies at the low levels. As I discuss in the DDC paper, you want the checking compiler to be as diverse as you can make it; the more different it is, the harder it is to attack.
