| > With a binary, one can compare a hash You lift a suspected binary from a machine that's under suspicion. You hash it and it matches a known good file. You declare victory, pat yourself on the back, and return it back into service. 3 months later all of your data is exfiltrated because you assumed that your attacker is an idiot. > it needs additional effort by the attacker to search for the binary Additional effort: #include "stdio.h"
#include "unistd.h"
void main() {
char path[512];
readlink("/proc/self/exe", path, sizeof(path));
unlink(path);
printf("Poof, I disappeared from: %s\n", path);
}
> You sound like the people who told me two decades ago that reproducible builds are a waste of time.Except I wouldn't say that because these ideas are completely unrelated. Define your threat model and specify what problem you're trying to solve. Don't be the type of person who encrypts passwords because they heard that encryption is good for protecting data. You demonized curl|bash because it "doesn't have a proper trust chain" and attacked the project for "not understanding security" with really weak arguments, now you're retreating all the way back to claim some fringe benefits to maybe-possibly discover the source of infection, and only if your attacker is lazy not to try to cover their tracks. Continuing that argument like it's the same one you originally presented is quite a disrespectful way of wasting people's time: https://en.wikipedia.org/wiki/Motte-and-bailey_fallacy |