undefined | Better HN

0 pointslondons_explore1y ago0 comments

Note that the malicious binary is fairly long and complex.

This attack can be stopped by disallowing any binary testdata or other non-source code to be on the build machines during a build.

You could imagine a simple process which checks out the code, then runs some kind of entropy checker over the code to check it is all unminified and uncompressed source code, before finally kicking off the build process.

autogenerated files would also not be allowed to be in the source repo - they're too long and could easily hide bad stuff. Instead the build process should generate the file during the build.

0 comments

trulyrandom1y ago

This requires a more comprehensive redesign of the build process. Most Linux distributions also run the tests of the project they're building as part of the build process.

uecker1y ago

The code that runs during testing should not be allowed to affect the package though. If this is possible, this is misdesigned.

saulrh1y ago

Profile guided optimization is, unfortunately, wildly powerful. And it has a hard requirement that a casual link exists from test data (or production data!) to the build process.

j / k navigate · click thread line to collapse