0

From reproducible-builds.org:

Reproducible builds are a set of software development practices that create a verifiable path from human readable source code to the binary code used by computers.

In general, it means that given the same source code, you end up with the identical binary. I see that the concept has lots of advantages, but I wonder whether there are disadvantages when you are no longer allowed to use any form of randomization during compilation.

What are the implications of switching to reproducible builds?

  • Against which types of attacks will it improve security?
  • Against which types of attacks will it reduce security by preventing compilation techniques based on randomization?
Philipp Claßen

2 Answers

1
  • Against which types of attacks will it reduce security by preventing compilation techniques based on randomization?

You may be thinking about a technique like Address Space Layout Randomization (ASLR). However, ASLR is not a compilation technique; it is not created in the compiler or the linker. ASLR is a function of the run time environment's operating system. It is in the part of the OS that loads the code into memory at a random position every time it's loaded.

Distributed code is never random. In some rare cases it may be unique based on watermarking or licensing schemes, but the only purpose of those techniques is for the author to enforce copy protection, licensing, or billing. These are exactly opposed to the purpose of reproducible builds.

John Deters
0

Looks like you've already covered the possible answers. :)

It helps discovery of any unauthorized modification of the executable code (it doesn't prevent modification). So anyone tampering with it will risk discovery (of the tampering, not necessarily of the identity of the tamperers).

So it doesn't quite "protect" against any attack - if that's what you meant by

Against which types of attacks will it improve security?

However, the possibility of discovery itself in a way improves security, something that could deter an adversary.

While random / changing inputs for every build might be needed for some reason or other, it is hard to say that for security reasons. I haven't (yet) come across any security requirement that needs random/changing input to the build process. Based on my limited experience, I'd say it increases effort (to create a reproducible build) but doesn't hurt security in any way.

Sas3
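
An added example, not part of either answer or of the reproducible-builds.org project: it shows the two points made above, that a build becomes reproducible once its varying inputs are pinned, and that an independent rebuild then exposes a modified artifact. A tar archive stands in for compiler output, the source tree and the `build`, `digest` and `verify` helpers are hypothetical, and the fixed timestamp follows the `SOURCE_DATE_EPOCH` convention.

```python
import hashlib
import io
import tarfile

# Constructed sample source tree; names and contents are made up for this example.
SOURCE = {"src/main.c": b"int main(void){return 0;}\n", "README": b"demo\n"}
SOURCE_DATE_EPOCH = 1700000000  # constructed fixed timestamp used instead of "now"


def build(files, mtime):
    """Pack files into a tar archive with every varying input pinned."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for name in sorted(files):          # fixed order, not dict/filesystem order
            info = tarfile.TarInfo(name)
            info.size = len(files[name])
            info.mtime = mtime              # fixed timestamp
            info.uid = info.gid = 0         # no builder-specific ownership
            info.uname = info.gname = ""
            info.mode = 0o644
            tar.addfile(info, io.BytesIO(files[name]))
    return buf.getvalue()


def digest(artifact):
    """SHA-256 of the artifact bytes, as hex."""
    return hashlib.sha256(artifact).hexdigest()


def verify(distributed, rebuilds):
    """True only if at least one rebuild exists and all match the distributed artifact."""
    want = digest(distributed)
    return bool(rebuilds) and all(digest(r) == want for r in rebuilds)


if __name__ == "__main__":
    official = build(SOURCE, SOURCE_DATE_EPOCH)
    rebuild = build(dict(reversed(list(SOURCE.items()))), SOURCE_DATE_EPOCH)
    print("independent rebuild matches:", verify(official, [rebuild]))

    # A build whose timestamp is not pinned cannot be compared at all.
    print("unpinned timestamp matches:", verify(build(SOURCE, SOURCE_DATE_EPOCH + 1), [rebuild]))

    # An artifact built from modified source is detected by the same comparison.
    tampered = build({**SOURCE, "src/main.c": b"int main(void){return 1;}\n"}, SOURCE_DATE_EPOCH)
    print("tampered artifact matches:", verify(tampered, [rebuild]))
```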