Gentoo Archives: gentoo-amd64

From: Mark Knecht <markknecht@×××××.com>
To: Gentoo AMD64 <gentoo-amd64@l.g.o>
Subject: Re: [gentoo-amd64] Re: "For What It's Worth" (or How do I know my Gentoo source code hasn't been messed with?)
Date: Thu, 07 Aug 2014 19:38:10
Message-Id: CAK2H+edexOrMdzs2gX4KgUUwTpiaG6yZVd+Z1_iDybZAb6BGyg@mail.gmail.com
In Reply to: [gentoo-amd64] Re: "For What It's Worth" (or How do I know my Gentoo source code hasn't been messed with?) by Duncan <1i5t5.duncan@cox.net>
On Thu, Aug 7, 2014 at 10:20 AM, Duncan <1i5t5.duncan@×××.net> wrote:
> Lie Ryan posted on Fri, 08 Aug 2014 02:06:14 +1000 as excerpted:
>
>> With you having to compile thousands of things if you build from stage
>> 1, I doubt that you will be able to verify every single thing you
>> compile and detect if something is actually doing sneaky stuff AND still
>> have the time to enjoy your system. Also, even if you build from stage 1
>> and manage to verify all the source code, you still need to download a
>> precompiled compiler which could possibly inject the malicious code into
>> the programs it compiles, and which can also inject itself if you try to
>> compile another compiler from source. If there is a single piece of
>> software that is worth a gold mine to inject with malware to gain illicit
>> access to all Linux systems, then it would be gcc. Once you infect a
>> compiler, you're invincible.
>
> Actually, that brings up a good question. The art of compiling is
> certainly somewhat magic to me, though I guess I somewhat understand the
> concept in a vague, handwavy way, but...

<SNIP>
>
> So anyway, to the gcc experts that know, and to non-gcc CS folks who have
> actually built their own simple compilers and can at least address the
> concept, is a previous gcc or other full compiler actually required to
> build a new gcc, or does it sufficiently bootstrap itself from the more
> basic tools such that unlike most code, it doesn't actually need a full
> compiler to build and reasonably optimize at all? That's a question I've
> had brewing in the back of my mind for some time, and this seemed the
> perfect opportunity to ask it. =:^)
>

And beyond Duncan's question (good question!), if I try to rebuild gcc
like it was an empty box using my current machine, I see this sort of thing,
where gcc is about the 350th of 385 packages getting built. It seems to
me that _any_ package that has programs running at the same or higher
level as emerge could be hacked and control what's actually placed on the
machine.

It's an endless problem if you cannot trust anything, and for most people,
and certainly for me, unverifiable given the way the tools work today.

c2RAID6 ~ # emerge -pve gcc

These are the packages that would be merged, in order:

Calculating dependencies... done!
[ebuild R ] app-arch/xz-utils-5.0.5-r1 USE="nls threads -static-libs" ABI_X86="(64) (-32) (-x32)" 1,276 kB
[ebuild R ] virtual/libintl-0-r1 ABI_X86="(64) -32 (-x32)" 0 kB
[ebuild R ] app-arch/bzip2-1.0.6-r6 USE="-static -static-libs" ABI_X86="(64) (-32) (-x32)" 0 kB
[ebuild R ] dev-libs/expat-2.1.0-r3 USE="unicode -examples -static-libs" ABI_X86="(64) (-32) (-x32)" 550 kB
[ebuild R ] virtual/libiconv-0-r1 ABI_X86="(64) (-32) (-x32)" 0 kB
[ebuild R ] dev-lang/python-exec-2.0.1-r1:2 PYTHON_TARGETS="(jython2_5) (jython2_7) (pypy) (python2_7) (python3_2) (python3_3) (-python3_4)" 0 kB
[ebuild R ] sys-devel/gnuconfig-20140212 0 kB
[ebuild R ] media-libs/libogg-1.3.1 USE="-static-libs" ABI_X86="(64) (-32) (-x32)" 0 kB
[ebuild R ] app-misc/mime-types-9 16 kB
[ebuild R ] sys-apps/baselayout-2.2 USE="-build" 40 kB
[ebuild R ] sys-devel/gcc-config-1.7.3 15 kB

<SNIP, SNIP, SNIP>

[ebuild R ] media-libs/phonon-4.6.0-r1 USE="gstreamer (-aqua) -debug -pulseaudio -vlc (-zeitgeist)" 275 kB
[ebuild R ] sys-libs/glibc-2.19-r1:2.2 USE="(multilib) -debug -gd (-hardened) -nscd -profile (-selinux) -suid -systemtap -vanilla" 0 kB
[ebuild R ] sys-devel/gcc-4.7.3-r1:4.7 USE="cxx fortran (multilib) nls nptl openmp (-altivec) -awt -doc (-fixed-point) -gcj -go -graphite (-hardened) (-libssp) -mudflap (-multislot) -nopie -nossp -objc -objc++ -objc-gc -regression-test -vanilla" 81,022 kB
[ebuild R ] sys-libs/pam-1.1.8-r2 USE="berkdb cracklib nls -audit -debug -nis (-selinux) {-test} -vim-syntax" ABI_X86="(64) (-32) (-x32)" 0 kB
[ebuild R ] dev-db/mysql-5.1.70 USE="community perl ssl -big-tables -cluster -debug -embedded -extraengine -latin1 -max-idx-128 -minimal -pbxt -profiling (-selinux) -static {-test} -xtradb" 24,865 kB
[ebuild R ] sys-devel/llvm-3.3-r3:0/3.3 USE="libffi static-analyzer xml -clang -debug -doc -gold -multitarget -ocaml -python {-test} -udis86" ABI_X86="(64) (-32) (-x32)" PYTHON_TARGETS="python2_7 (-pypy) (-pypy2_0%) (-python2_6%)" VIDEO_CARDS="-radeon" 0 kB
[ebuild R ] media-libs/mesa-10.0.4 USE="classic egl gallium llvm nptl vdpau xvmc -bindist -debug -gbm -gles1 -gles2 -llvm-shared-libs -opencl -openvg -osmesa -pax_kernel -pic -r600-llvm-compiler (-selinux) -wayland -xa" ABI_X86="(64) (-32) (-x32)" VIDEO_CARDS="(-freedreno) -i915 -i965 -ilo -intel -nouveau -r100 -r200 -r300 -r600 -radeon -radeonsi -vmware" 0 kB
[ebuild R ] x11-libs/cairo-1.12.16 USE="X glib opengl svg xcb (-aqua) -debug -directfb -doc (-drm) (-gallium) (-gles2) -legacy-drivers -openvg (-qt4) -static-libs -valgrind -xlib-xcb" 0 kB
[ebuild R ] app-text/poppler-0.24.5:0/44 USE="cairo cxx introspection jpeg jpeg2k lcms png qt4 tiff utils -cjk -curl -debug -doc" 0 kB
[ebuild R ] media-libs/harfbuzz-0.9.28:0/0.9.18 USE="cairo glib graphite introspection truetype -icu -static-libs {-test}" ABI_X86="(64) (-32) (-x32)" 0 kB
[ebuild R ] x11-libs/pango-1.36.5 USE="X introspection -debug" ABI_X86="(64) (-32) (-x32)" 0 kB
[ebuild R ] x11-libs/gtk+-2.24.24:2 USE="introspection xinerama (-aqua) -cups -debug -examples {-test} -vim-syntax" ABI_X86="(64) (-32) (-x32)" 0 kB
[ebuild R ] x11-libs/gtk+-3.12.2:3 USE="X introspection xinerama (-aqua) -cloudprint -colord -cups -debug -examples {-test} -vim-syntax -wayland" 0 kB
[ebuild R ] dev-db/libiodbc-3.52.7 USE="gtk" 1,015 kB
[ebuild R ] app-crypt/pinentry-0.8.2 USE="gtk ncurses qt4 -caps -static" 419 kB
[ebuild R ] dev-java/icedtea-bin-6.1.13.3-r3:6 USE="X alsa -cjk -cups -doc -examples -nsplugin (-selinux) -source -webstart" 0 kB
[ebuild R ] dev-libs/soprano-2.9.4 USE="dbus raptor redland virtuoso -debug -doc {-test}" 1,913 kB
[ebuild R ] app-crypt/gnupg-2.0.25 USE="bzip2 ldap nls readline usb -adns -doc -mta (-selinux) -smartcard -static" 0 kB
[ebuild R ] gnome-extra/polkit-gnome-0.105 304 kB
[ebuild R ] kde-base/kdelibs-4.12.5-r2:4/4.12 USE="acl alsa bzip2 fam handbook jpeg2k mmx nls opengl (policykit) semantic-desktop spell sse sse2 ssl udev udisks upower -3dnow (-altivec) (-aqua) -debug -doc -kerberos -lzma -openexr {-test} -zeroconf" 0 kB
[ebuild R ] sys-auth/polkit-kde-agent-0.99.0-r1:4 USE="(-aqua) -debug" LINGUAS="-ca -ca@valencia -cs -da -de -en_GB -eo -es -et -fi -fr -ga -gl -hr -hu -is -it -ja -km -lt -mai -ms -nb -nds -nl -pa -pt -pt_BR -ro -ru -sk -sr -sr@ijekavian -sr@ijekavianlatin -sr@latin -sv -th -tr -uk -zh_TW" 34 kB
[ebuild R ] kde-base/nepomuk-core-4.12.5:4/4.12 USE="exif pdf (-aqua) -debug -epub -ffmpeg -taglib" 0 kB
[ebuild R ] kde-base/katepart-4.12.5:4/4.12 USE="handbook (-aqua) -debug" 0 kB
[ebuild R ] kde-base/kdesu-4.12.5:4/4.12 USE="handbook (-aqua) -debug" 0 kB
[ebuild R ] net-libs/libproxy-0.4.11-r2 USE="kde -gnome -mono -networkmanager -perl -python -spidermonkey {-test} -webkit" ABI_X86="(64) (-32) (-x32)" PYTHON_TARGETS="python2_7" 0 kB
[ebuild R ] kde-base/nepomuk-widgets-4.12.5:4/4.12 USE="(-aqua) -debug" 0 kB
[ebuild R ] kde-base/khelpcenter-4.12.5:4/4.12 USE="(-aqua) -debug" 0 kB
[ebuild R ] net-libs/glib-networking-2.40.1-r1 USE="gnome libproxy ssl -smartcard {-test}" ABI_X86="(64) (-32) (-x32)" 0 kB
[ebuild R ] net-libs/libsoup-2.46.0-r1:2.4 USE="introspection ssl -debug -samba {-test}" ABI_X86="(64) (-32) (-x32)" 0 kB
[ebuild R ] media-plugins/gst-plugins-soup-0.10.31-r1:0.10 ABI_X86="(64) (-32) (-x32)" 0 kB
[ebuild R ] media-libs/phonon-gstreamer-4.6.3 USE="alsa network -debug" 71 kB

Total: 385 packages (385 reinstalls), Size of downloads: 355,030 kB
c2RAID6 ~ #
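As an added example that is not part of Mark's post and not Portage's own code, the following Python script parses the merge order that `emerge -pve gcc` prints (joining lines the mail client wrapped) and reports how many packages are built and installed before gcc itself. That count is the size of the set Mark's argument says has to be trusted: every one of those ebuilds runs its build and install phases with emerge's privileges before the compiler is rebuilt. The sample listing is constructed from a few abridged lines of the output above; the function and class names (`parse_emerge_pretend`, `summarize`, `MergeEntry`) are this example's own.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# One merge line: "[ebuild R ] category/name-version[:slot] ... N kB".
# The flag columns inside the brackets vary, so they are matched loosely.
ENTRY_RE = re.compile(r"^\[(?P<kind>ebuild|binary)\s+(?P<flags>[^\]]*)\]\s+(?P<atom>\S+)")
SIZE_RE = re.compile(r"(?P<size>[\d,]+) kB$")

# Constructed sample: a handful of abridged lines from the post, including
# entries wrapped across two and three lines the way the mail client did it.
SAMPLE = """\
c2RAID6 ~ # emerge -pve gcc

These are the packages that would be merged, in order:

Calculating dependencies... done!
[ebuild R ] app-arch/xz-utils-5.0.5-r1 USE="nls threads
-static-libs" ABI_X86="(64) (-32) (-x32)" 1,276 kB
[ebuild R ] virtual/libintl-0-r1 ABI_X86="(64) -32 (-x32)" 0 kB
[ebuild R ] sys-devel/gnuconfig-20140212 0 kB
[ebuild R ] sys-devel/gcc-config-1.7.3 15 kB
[ebuild R ] sys-libs/glibc-2.19-r1:2.2 USE="(multilib) -debug
-gd (-hardened) -nscd -profile (-selinux) -suid -systemtap -vanilla" 0
kB
[ebuild R ] sys-devel/gcc-4.7.3-r1:4.7 USE="cxx fortran
(multilib) nls nptl openmp" 81,022 kB
[ebuild R ] sys-libs/pam-1.1.8-r2 USE="berkdb cracklib nls" 0 kB

Total: 7 packages (7 reinstalls), Size of downloads: 82,313 kB
c2RAID6 ~ #
"""


@dataclass
class MergeEntry:
    atom: str      # e.g. "sys-devel/gcc-4.7.3-r1:4.7"
    flags: str     # e.g. "R"
    size_kb: int   # download size as printed by emerge


def package_name(atom: str) -> str:
    """Strip slot, version and revision: 'sys-devel/gcc-4.7.3-r1:4.7' -> 'sys-devel/gcc'."""
    atom = atom.split(":", 1)[0]
    m = re.search(r"-\d", atom)  # the version starts at the first "-<digit>"
    return atom[: m.start()] if m else atom


def parse_emerge_pretend(text: str) -> list[MergeEntry]:
    """Return the merge entries in order, re-joining wrapped continuation lines."""
    entries: list[MergeEntry] = []
    current: list[str] = []

    def flush() -> None:
        if current:
            line = " ".join(current)
            m = ENTRY_RE.match(line)
            if m:
                s = SIZE_RE.search(line)
                size = int(s.group("size").replace(",", "")) if s else 0
                entries.append(MergeEntry(m.group("atom"), m.group("flags").strip(), size))
            current.clear()

    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):              # a new merge entry starts
            flush()
            current.append(line)
        elif current and line and not line.startswith(("<", "Total:")):
            current.append(line)              # wrapped tail of the previous entry
        else:
            flush()                           # blank line, prompt or summary line
    flush()
    return entries


def position_of(entries: list[MergeEntry], name: str) -> int | None:
    """1-based position of `name` in the merge order, or None if absent."""
    for i, e in enumerate(entries):
        if package_name(e.atom) == name:
            return i + 1
    return None


def trust_set_before(entries: list[MergeEntry], name: str = "sys-devel/gcc") -> list[MergeEntry]:
    """Everything merged before `name`: code that runs with emerge's privileges first."""
    pos = position_of(entries, name)
    return entries[: pos - 1] if pos else []


def summarize(entries: list[MergeEntry], name: str = "sys-devel/gcc") -> dict:
    before = trust_set_before(entries, name)
    return {
        "total": len(entries),
        "position": position_of(entries, name),
        "packages_before": [package_name(e.atom) for e in before],
        "download_kb_before": sum(e.size_kb for e in before),
    }


if __name__ == "__main__":
    report = summarize(parse_emerge_pretend(SAMPLE))
    print(f"gcc is package {report['position']} of {report['total']}; "
          f"{len(report['packages_before'])} packages ({report['download_kb_before']} kB "
          f"of source) are built and installed before it:")
    for pkg in report["packages_before"]:
        print("  ", pkg)
```

Run against a real `emerge -pve gcc > merge-order.txt` capture by passing the file contents to `parse_emerge_pretend` instead of `SAMPLE`; on the listing above that puts roughly 350 packages in the pre-gcc set. Note that `sys-devel/gcc-config` is correctly kept distinct from `sys-devel/gcc`, because the name is cut at the first hyphen followed by a digit rather than at the first hyphen.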