[Slackware security] Potential backdoor risk in Rust
SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
The same is true of gcc. Apparently other C compilers can't build it. But I haven't noticed anyone complaining about that.
That's a great point and it bolsters my general argument that good security isn't achieved in this way. It's like feeding ground-up cows to cows, which caused the spread of Mad Cow disease in places like the UK.
But there is a huge difference between GCC and rust: the latter's build script is written to download binaries as if it were a proactive good idea instead of reckless. I haven't tried to build GCC lately, but I don't recall it ever did that.
Should GCC be made to build with the simplest possible C compiler? Yes. It has become appalling bloatware. The more code, the more vulnerabilities.
What are your thoughts on:
Garlic, stakes, the heart, thresholds of doors, mirrors, rice in bowls, running water, sunny mornings, life energy, bats and strange hairstyles that look like breasts?
That's a great point and it bolsters my general argument that good security isn't achieved in this way. It's like feeding ground-up cows to cows, which caused the spread of Mad Cow disease in places like the UK.
But there is a huge difference between GCC and rust: the latter's build script is written to download binaries as if it were a proactive good idea instead of reckless. I haven't tried to build GCC lately, but I don't recall it ever did that.
Should GCC be made to build with the simplest possible C compiler? Yes. It has become appalling bloatware. The more code, the more vulnerabilities.
Basically, there you accuse Mozilla of shipping binaries with backdoors. Did you have a proof for?
Unless you provide publicly a proof of your claims, I accuse you of being just a troll hired by a major Mozilla competitor to spread FUD.
So, you are payed per post or per campaign? I wonder if it is really worth this trolling...
Last edited by LuckyCyborg; 08-14-2020 at 02:13 PM.
In order to compile Rust on a system that doesn't have it, the rust build script x.py insists on downloading binaries. You are expected to be OK with that. But no one is telling users it's happening so that they could make an informed decision.
The result is that compiling rustc is done in stages:
Stage 0: the stage0 compiler is usually (you can configure x.py to use something else) the current beta rustc compiler and its associated dynamic libraries
(which x.py will download for you). This stage0 compiler is then used only to compile rustbuild, std, and rustc.
Or, like I said previously, build a rust cross-compiler and then the stage0 compiler on a platform where a rust compiler already exists. Hopefully you are now on such a platform and it is not Slackware. That would be really nice.
It should be possible for everyone to rebuild the distro, get hashes for every txz file, and when they compare their hashes they should be identical.
That's the concept of reproducible builds. It's just a simple concept that source tarball X always gives you binary Y.
Open source doesn't mean much if the binaries that are offered online don't match those that you build yourself.
Reproducible builds have the potential to protect against fraud, as when some project says "these are the sources we use" but actually they're patching it with malware because they want to, or some organization is pressuring them to.
A reproducible build is not a requirement of open source. A lot of factors would need to be in place to support reproducible builds and it's not every project's goal to support that. Just because you want it and think it should be possible doesn't mean the distro/project maintainer is keen on supporting it.
As it stands, it's impossible to get reproducible builds on Slackware. That's just not the way Pat develops Slackware. Each update is incremental and built on all the previous updates. The only way you could get close to reproducible builds (which will still have issues due to timestamps), would be by starting with the "last great rebuild" back in 2018 and then build updated packages in the update sets that Pat pushed out to -current. That may still not lead to a comparable result if you happen to compile things in a different order than Pat did which might result in different binaries.
Unless Pat announces his intention to support reproducible builds, you shouldn't expect Slackware to support the concept. I'll repeat myself... reproducible builds are not a requirement of open source. It's just a belief from some that open source software should be able to lead to reproducible builds.
Last edited by bassmadrigal; 08-14-2020 at 05:41 PM.
You might be interested in Tavis Ormandy's post: "You don’t need reproducible builds" http://blog.cmpxchg8b.com/2020/07/yo...le-builds.html
It probably doesn't fit your views, but at least it exposes an interesting point of view.
Sure I'm open minded. Unlike some of the petty responders in this thread (Geist, Luckycyborg), Tavis behaves like an adult and is an authority.
A reproducible build is not a requirement of open source.
That's not an argument against it. And really you're arguing semantics, like saying seatbelts aren't a requirement of driving. It's a weak argument, and you don't come off sounding like an authority, but more like you are a defender of an orthodoxy that can't be defended.
You're repeatedly misconstruing my position in order to issue your straw man argument and now you're resorting to an ad hominem. Shame on you. According to Rust proponents it cannot be built without a rust compiler. That's the flaw I'm pointing out that allows for backdooring. Sure, a broken rustc and rust library are included with Slackware, but based on everything I'm hearing and the unbalanced way you're arguing, it seems very unlikely that Slackware is built in a safe manner. You're reacting more like someone who was caught doing something wrong.
A reproducible build is not a requirement of open source. A lot of factors would need to be in place to support reproducible builds and it's not every project's goal to support that.
Depends how you define "reproducible", doesn't it. Revolver seems to be talking about exact reproducibility, i.e. the hash of the built version is always the same. Actually I believe gcc uses that test: the gcc that you build rebuilds itself twice over and checks whether the result is exactly the same (unless you tell it to omit that). But for ordinary users like me, all that is required in most cases is that the functionality be the same. That means having access to the configure and make arguments that were used in a given build, so that you can reproduce them.
Yes, it's "open source" even if you don't have that info. But surely having it makes it more "open" than it would otherwise have been.
You're repeatedly misconstruing my position in order to issue your straw man argument and now you're resorting to an ad hominem. Shame on you. According to Rust proponents it cannot be built without a rust compiler. That's the flaw I'm pointing out that allows for backdooring. Sure, a broken rustc and rust library are included with Slackware, but based on everything I'm hearing and the unbalanced way you're arguing, it seems very unlikely that Slackware is built in a safe manner. You're reacting more like someone who was caught doing something wrong.
In other hand, a GCC compiler cannot be built without a GCC compiler. And a CLang compiler cannot be built without a CLang compiler. Even a FreePascal compiler cannot be built without a FreePascal compiler.
According with your position, this allows for compiler backdooring and certainly no Linux distribution is built in a safe manner, be it Slackware, RHEL, Fedora, OpenSuSE, Debian, Ubuntu or whatever.
Heck, we should not forget the Microsoft compilers, which are shipped as binaries only, then also according to you, this allows for backdooring.
Then, every compiler around the World allows the "backdooring" and everybody is plain stupid, excluding YOU?
We should just shutdown en masses the computers all over World because no one is safe and to join your way, marching and yelling "Hail Resolver!" ???
I for one, I believe that you are nuts.
Last edited by LuckyCyborg; 08-15-2020 at 11:57 AM.
In other hand, a GCC compiler cannot be built without a GCC compiler. And a CLang compiler cannot be built without a CLang compiler. Even a FreePascal compiler cannot be built without a FreePascal compiler.
That's true of gcc but not of clang. In LFS, clang is built as an optional part of llvm, using gcc as the compiler.
That's true of gcc but not of clang. In LFS, clang is built as an optional part of llvm, using gcc as the compiler.
My bad!
BUT, this does not changes much the credibility of CLang, considering that GCC is already "backdoorable" according with the Security Genius Resolver's teachings, who bothered to share with us his godsend knowledge...
So, the "eventual backdoor" from GCC propagates on CLang at compilation times.
Last edited by LuckyCyborg; 08-15-2020 at 12:16 PM.
You're repeatedly misconstruing my position in order to issue your straw man argument and now you're resorting to an ad hominem. Shame on you. According to Rust proponents it cannot be built without a rust compiler. That's the flaw I'm pointing out that allows for backdooring. Sure, a broken rustc and rust library are included with Slackware, but based on everything I'm hearing and the unbalanced way you're arguing, it seems very unlikely that Slackware is built in a safe manner. You're reacting more like someone who was caught doing something wrong.
Yeah yeah. What again was wrong with Slackware's rust compiler and library?
I must note that your argumentation of "based on everything I'm hearing" is exactly how a certain US president likes to bring his arguments, which is not doing you a lot of good here. Instead, please provide solid proof of you claims that can either be substantiated or proven wrong.
Regarding the substantive part of this thread, what is the actual technical chain of trust when building rust on Slackware? I understand that checksums of all Slackware source files are signed by Slackware, but where is the upstream signing for the rust source itself? Related to that, when rust downloads these "untrusted binaries", I would be very surprised if they weren't verified by pre-signed checksums (as in, upstream signed). Could somebody knowledgable explain how it functions? (and if you don't really know, please don't answer, thank you!).
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.