[GTALUG] MP BIOS Toshiba - semi revival

Lennart Sorensen lsorense at csclub.uwaterloo.ca
Wed Mar 18 16:36:22 UTC 2015


On Wed, Mar 18, 2015 at 12:07:10PM -0400, Christopher Browne wrote:
> You don't need to compile everything *every* time to keep them honest;
> you need to compile it *once*.  And it's not so much you as there being
> *someone*.  And better still if the "someone" is an automated batch
> process so that we can have a non-negligible amount of confidence
> that it's repeatable.
> 
> And some of the "recompile for (imagined) security" takes this to
> further heights of silliness...
> 
> - Do we need to recompile Bash (or Dash or zsh or whatever)
>   each time we reboot?
> 
> - Oh dear, that means we need to recompile the Perl, Python, and
>   Ruby distributions every time.  Should we be running the test
>   suites, too, to verify that they're working as predicted?

Sure, but why trust the test suites haven't been tampered with?

> - It seems idiotic to need to recompile KDE, libraries *and* apps.
> 
> - I'm running StumpWM as my window manager; this "security
>   by recompiling everything" model means I need to recompile
>   SBCL (the Common Lisp environment).
> 
> - Whoops, can we really trust things if we haven't recompiled
>   GCC/LLVM since the last time we rebooted?  If recompiling
>   code lends security, then surely not.
> 
> - Have you recompiled Grub lately?
> 
> And all of this falls out of deciding that when people say
> "reliability," they don't *really* mean that; they really mean
> "security."  And when they say "performance", they don't
> *really* mean that; they really meant to say "security"
> (even though they didn't, which ought to be a hint that
> it wasn't what they meant).
> 
> Claim was made that Debian switched from using Bash
> as the default shell (!= "default login shell", by the way)
> "because security."  When the declared reasons didn't
> have the word "security" anywhere.
> 
> But I guess that since *everything* is really computer
> security, then the plans must be already well under way
> for Debian to recompile everything, from the kernel to
> Grub to all the scripting engines during the boot
> process.

But why trust your compiler?  All such a stupid idea is doing is moving
the problem, while putting some stuff in front that sounds like they
are doing something to improve security, while doing no such thing.

There are ways to make sure you are booting trusted code.  Recompiling
from source at boot is not one of them.  It does the opposite in fact.

-- 
Len Sorensen

