Rutkowska: Security challenges for the Qubes build process
Rutkowska: Security challenges for the Qubes build process
Posted Jun 2, 2016 12:16 UTC (Thu) by ms (subscriber, #41272)In reply to: Rutkowska: Security challenges for the Qubes build process by nix
Parent article: Rutkowska: Security challenges for the Qubes build process
Yeah, I'm surprised they've not gone further - you could imagine a way of figuring out the signature of the ABI: take all the public functions by name, with some representation of their types and hash all that lot together. Sure, it wouldn't stop semantic changes from breaking everything but nor does anything currently. You could even do it per function if you want to be really fancy to ensure that just adding functions wouldn't trigger a rebuild. I have no idea what the linker requirements are though, so I don't know if that's even feasible.
Posted Jun 8, 2016 12:16 UTC (Wed)
by nix (subscriber, #2304)
[Link]
Rutkowska: Security challenges for the Qubes build process
That's what the ABI compatibility checker does, more or less. (It does need debugging info to do it, though, and doesn't always work, just most of the time.)