17 Dec 2003, 11:17 p.m.
From: "Ian Farquhar" <ianf@sydney.sgi.com>

I take it you mean recompile the binary every time? Because you'd need to have source around to recompile it from, and the attacker could modify that source even more easily than he or she could hack the binary.

The idea is to make tampering with the binary detectable.

Recompile the binary from newly uploaded source each time. MD5 source isn't more than about 10K long. That's all of a few seconds of upload time.

I am pretty much certain that to make such a system perfectly secure under these conditions is impossible.

That's right.

Eric