mitigating non-determinism
Bernhard M. Wiedemann
bernhardout at lsmod.de
Fri Jun 28 04:58:11 UTC 2024
On 18/06/2024 16.59, John Gilmore wrote:
> Anytime we find programs using uninitialized memory, we should debug
> them, not change the build environment to make them seem OK.
Yes, these are bugs and they should be fixed (unless it is the only
source of entropy in openssl [1]).
However, there is an infinite number of sources [2] and I cannot
debug+fix all of them.
Meanwhile, I can disable ASLR in our build environment (because nobody
needs it there anyway) and be able to verify that produced binaries
correspond to the sources.
That is (the) one goal of reproducible-builds and this mitigation gets
me closer to it.
Ciao
Bernhard M.
[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=363516
[2] citation needed