Bitcoin Forum

Bitcoin => Development & Technical Discussion => Topic started by: wolciph on May 05, 2011, 09:51:26 AM



Title: need to check that binaries are generated from the exact source code
Post by: wolciph on May 05, 2011, 09:51:26 AM
There is obviously a need to check that the bitcoin binary is indeed produced by building the source code which has (hopefully) been thoroughly checked. Otherwise someone could potentially introduce a backdoor to, for instance, steal bitcoins. This is especially important since I suppose most people using bitcoins do not bother with compiling it, and as we gather more users, there will be more and more people using the precompiled binary.

To quote the README.md file:
Quote
The master branch is regularly built and tested (by who? need people willing to be quality assurance testers), and periodically pushed to the subversion repo to become the official, stable, released bitcoin.

In order to check the binary we need to be able to reproduce it exactly from the source. For that, we need to know the exact version of the compiler used, the exact version of the libraries used, a script that reproduces every step of the building process (modifications to the makefile, stripping debug symbols, ...), and anything else that I may have forgotten.
So please, whoever is in charge of creating the compiled packages (Gavin Andresen?), give us all the information needed to check them.


Title: Re: need to check that binaries are generated from the exact source code
Post by: wumpus on May 05, 2011, 10:13:04 AM
But if you went through all those steps to check the binary, you have built it yourself. So why not build it from source in the first place?



Title: Re: need to check that binaries are generated from the exact source code
Post by: wolciph on May 05, 2011, 10:20:28 AM
Quote from: wumpus on May 05, 2011, 10:13:04 AM
But if you went through all those steps to check the binary, you have built it yourself. So why not build it from source in the first place?


We would not be checking it for ourselves but for all the other people using bitcoin.
Maybe you are using the precompiled version. How do you know it doesn't have a backdoor? You don't! because nobody is checking.


Title: Re: need to check that binaries are generated from the exact source code
Post by: dikidera on May 05, 2011, 10:23:34 AM
I think what he's trying to say is that a random user can compile the program and say "Hey, i added X feature to bitcoin, try it!".

While in fact it had code that copies wallet.dat and sends it to a remote server for someone else's use, or directly sends the coins to a 'new' address.


Title: Re: need to check that binaries are generated from the exact source code
Post by: wolciph on May 05, 2011, 10:28:31 AM
Quote from: dikidera on May 05, 2011, 10:23:34 AM
I think what he's trying to say is that a random user can compile the program and say "Hey, i added X feature to bitcoin, try it!".

While in fact it had code that copies wallet.dat and sends it to a remote server for someone else's use, or directly sends the coins to a 'new' address.
No, I'm talking about the main version of bitcoin. You can't know that the person who compiled it didn't modify the code a bit just before doing so.


Title: Re: need to check that binaries are generated from the exact source code
Post by: wumpus on May 05, 2011, 10:34:37 AM
You're right, that makes sense.

But speaking from experience, it will be very difficult, though, to exactly reproduce a compilation environment. Getting the same targets is incredibly hard. A small unrelated difference in a .h file in some vague dependency can have an impact on the optimisation process, resulting in a slightly different executable.

For some compilers, even the time and date (of the source files) and who knows, phase of the moon could matter :P

You could package the build environment as a VMWare/Virtualbox image and distribute that. But that'd only be legal for Linux. Also, how can you be sure that hasn't been tampered with? Hmm...

Edit: another solution would be to completely implement the bitcoin client in a readable language such as Python, that doesn't need a compile chain. Verifying is then a piece of cake. But where do you get the Python interpreter from...

Short story: just compile it yourself with your own trusted tools, ignore the posted binaries
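An added example (not from this thread and not Bitcoin's build scripts) of the timestamp problem wumpus describes: the same compiled payload packaged twice at different times hashes differently, because both the tar entry and the gzip header carry a modification time, and pinning both to one agreed epoch makes two builds byte-identical. The payload bytes, the file name bitcoind and the epoch value are constructed for the example.

```python
"""Why 'the time and date could matter' for reproducible builds.

Constructed example: packages a fake compiled binary as bitcoind.tar.gz twice
and shows that the release hash depends on the clock unless every embedded
timestamp is pinned. Not Bitcoin's own build tooling.
"""
import gzip
import hashlib
import io
import tarfile

# Constructed stand-in for the compiled program; the bytes never change between
# the two builds below, only the packaging timestamps do.
PAYLOAD = b"\x7fELF pretend this is a deterministically compiled bitcoind"

# Hypothetical agreed build time that every builder pins to (May 2011).
SOURCE_DATE_EPOCH = 1304589086


def build_release(payload: bytes, mtime: int) -> bytes:
    """Package `payload` as bitcoind.tar.gz.

    Two places carry a timestamp: the tar entry header (info.mtime) and the
    gzip stream header (GzipFile(mtime=...)). Both must be pinned, otherwise
    two otherwise identical builds differ in a few header bytes.
    """
    buf = io.BytesIO()
    with gzip.GzipFile(fileobj=buf, mode="wb", mtime=mtime) as gz:
        with tarfile.open(fileobj=gz, mode="w", format=tarfile.USTAR_FORMAT) as tar:
            info = tarfile.TarInfo("bitcoind")
            info.size = len(payload)
            info.mtime = mtime          # uid/gid/uname/gname default to 0/""
            tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


def release_hash(payload: bytes, mtime: int) -> str:
    """SHA-256 of the packaged release, the value a builder would publish."""
    return hashlib.sha256(build_release(payload, mtime)).hexdigest()


def naive_builds_match(payload: bytes) -> bool:
    """Two builders whose clocks differ by one second (simulated explicitly)."""
    return release_hash(payload, SOURCE_DATE_EPOCH) == release_hash(payload, SOURCE_DATE_EPOCH + 1)


def pinned_builds_match(payload: bytes) -> bool:
    """Both builders stamp the archive with the agreed epoch instead of now()."""
    return release_hash(payload, SOURCE_DATE_EPOCH) == release_hash(payload, SOURCE_DATE_EPOCH)


if __name__ == "__main__":
    print("clock-stamped builds match:", naive_builds_match(PAYLOAD))
    print("epoch-pinned builds match: ", pinned_builds_match(PAYLOAD))
```

The same reasoning applies to every other input the toolchain folds into its output (header search paths, the order a directory listing is returned in, the compiler's own version string), which is why a deterministic build script has to pin all of them, not just the clock.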



Title: Re: need to check that binaries are generated from the exact source code
Post by: Matt Corallo on May 05, 2011, 10:45:12 AM
He makes a good point and it is going to be fixed in 0.4.0. For the next release, there will be a build script (put together by devrandom) which builds bitcoin deterministically and signs the results, meaning 1. anyone can build bitcoin and get the exact same binary as a result and 2. the releases are made by having trusted developers sign the results, so that no central authority has "the keys" to everyone's binaries. All this said, you can currently audit the build as Gavin posts EC2 instances on each release which you can boot up and build bitcoin/check the system (if you have an EC2 account).
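For the model Matt Corallo describes here, and for the check wolciph asks for at the top of the thread, here is an added example (not the devrandom build script and not any Bitcoin project code) of what the verifying side does with the published results: several builders each publish the SHA-256 of what they built, a download is accepted only if it hashes to a value that at least a threshold of independent builders agree on, and any builder whose hash differs is reported. Builder names, the file name and the payload bytes are constructed; verification of the signatures on each builder's manifest is assumed to have happened before its hash is trusted, and is not shown.

```python
"""Cross-checking a release against hash manifests from independent builders.

Constructed example of the 'several trusted developers sign the result' model:
no single builder's word is enough, and a dissenting builder is surfaced
instead of silently outvoted. Not Bitcoin's own release tooling.
"""
import hashlib
from collections import Counter


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for the release artefact and the per-builder manifests.
# In a real scheme each manifest is signed by its builder; that signature check
# is assumed to have passed before a manifest is placed in this dict.
RELEASE_NAME = "bitcoin-0.4.0-linux.tar.gz"   # hypothetical file name
RELEASE_BYTES = b"deterministically built bitcoin release (constructed)"

_GOOD = sha256_hex(RELEASE_BYTES)
MANIFESTS = {
    "builder-a": {RELEASE_NAME: _GOOD},
    "builder-b": {RELEASE_NAME: _GOOD},
    "builder-c": {RELEASE_NAME: _GOOD},
    # A builder whose environment differed, or who tampered, reports another hash.
    "builder-d": {RELEASE_NAME: sha256_hex(RELEASE_BYTES + b"\x00")},
}


def consensus_hash(manifests, name, threshold):
    """Return (digest, agreeing, dissenting).

    `digest` is the hash that at least `threshold` builders independently
    reported for `name`, or None if no hash reaches the threshold. Builders
    that reported a different hash, or none at all, are listed as dissenting.
    """
    votes = Counter(m[name] for m in manifests.values() if name in m)
    if not votes:
        return None, [], sorted(manifests)
    digest, count = votes.most_common(1)[0]
    agreeing = sorted(b for b, m in manifests.items() if m.get(name) == digest)
    dissenting = sorted(b for b in manifests if b not in agreeing)
    if count < threshold:
        return None, agreeing, dissenting
    return digest, agreeing, dissenting


def verify_release(data: bytes, manifests, name, threshold):
    """Accept `data` only if it hashes to the threshold-agreed digest.

    The report keeps the dissenting builders: a disagreement means either the
    build is not yet deterministic or one builder's output was altered, and
    a release manager should find out which before shipping.
    """
    digest, agreeing, dissenting = consensus_hash(manifests, name, threshold)
    actual = sha256_hex(data)
    return {
        "ok": digest is not None and actual == digest,
        "actual": actual,
        "consensus": digest,
        "agreeing": agreeing,
        "dissenting": dissenting,
    }


if __name__ == "__main__":
    report = verify_release(RELEASE_BYTES, MANIFESTS, RELEASE_NAME, threshold=3)
    print("accepted:", report["ok"], "dissenting builders:", report["dissenting"])
```

With the constructed manifests the download is accepted on the strength of builders a, b and c, and builder-d is reported rather than ignored. Raising the threshold to four, or altering a single byte of the download, makes the check fail, which is the property the thread asks for: a backdoor slipped in by whoever runs the packaging machine would show up as that machine disagreeing with everyone else.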


Title: Re: need to check that binaries are generated from the exact source code
Post by: wumpus on May 05, 2011, 10:47:41 AM
Cool!

Does that also work for the Windows version? (whose users are the biggest consumers of binaries, probably)


Title: Re: need to check that binaries are generated from the exact source code
Post by: Matt Corallo on May 05, 2011, 10:56:11 AM
Quote from: wumpus on May 05, 2011, 10:47:41 AM
Cool!

Does that also work for the Windows version? (whose users are the biggest consumers of binaries, probably)
Yes, hopefully cross-compiling via MinGW will be used for the Windows version (it works now, but needs to be implemented in the new build process). However, AFAIK it's not doable for Mac. If anyone knows of a way to do deterministic building, please contact me or devrandom.


Title: Re: need to check that binaries are generated from the exact source code
Post by: wolciph on May 05, 2011, 11:01:16 AM
Good hearing that, BlueMatt.