Eric Hughes writes:
From: "Ian Farquhar" <ianf@sydney.sgi.com>
Recompile the binary from newly uploaded source each time. MD5 source isn't more than about 10K long. That's all of a few seconds of upload time.
Irritating [...]
??? An upload can be automated, just like anything other solution.
Then the automated part (script or whatever) simply becomes another piece that needs to be protected.
You can't go about protecting against the modification of binaries by relying upon one of your binaries being better protected than the rest. There's an infinite regress involved here. The solution is to go outside the regress. Recreating the binary from scratch is one way. I'm sure there are others.
No -- in the absence of other measures, recreating the binary from scratch is not such a way. You've merely added the compiler and its associated utilities to your regression list. Nothing is gained -- other than additional irritation and delay. -- Jeff