Contrary to reproducible builds

Posted May 16, 2017 4:30 UTC (Tue) by alison (subscriber, #63752)
In reply to: Contrary to reproducible builds by and
Parent article: Randomizing structure layout

>you can make the randomization seed depend on the hash of the tarball, so you'll get the same >seed for different builds of the same thing but a different one for a different kernel.

If I understand you correctly, the result would be that each release of a particular package would have a different layout of structs, but everyone who had the same source tarball would build the same package with the same structs. That would certainly make exploits less portable across machines: they would work with the Fedora version of a package perhaps, but not the RHEL or CENTOS ones.

Contrary to reproducible builds

Posted May 16, 2017 7:51 UTC (Tue) by and (guest, #2883) [Link]

exactly! With this, exploits would not even work for different versions of the Fedora kernel, i.e., the attacker would have to guess the exact patchlevel of the kernel to make an exploit that depends on structure layout work. While this usually won't stop state-sponsored adversaries from doing targeted attacks, it would likely prevent the spreading of most worms even in scenarios where everyone runs distribution kernels, so I think adding this functionality to the kernel is totally worth its costs. (note that this is just my personal "couch philosophy" -- I'm in involved that effort at all.)