[Cryptography] Transactional software updates

Phillip Hallam-Baker phill at hallambaker.com
Thu Oct 26 22:02:50 EDT 2017


I think the talk of file systems is missing the point here.

Yes, you can do stuff that requires kernel mode features and a fancy
file system. But these capabilities are MUCH better supported in user
mode with a small piece of code in the program loader to perform the
necessary validation and signature checking.

There are software distributions that include data that is mutable but
this is rare. In most cases, a software package consists of executable
images, shared libraries and static data. These may be unpackaged into
the file system but almost all of that work is to duplicate the
developer's environment on the target machine.

If the necessary indexes are provided, there is no reason that most
software distributions couldn't simply execute straight out of the
distribution zip file.

I really, really dislike the idea that any code that is not shipped by
the platform vendor should ever modify any part of the platform. I
detest shared libraries; I see absolutely no reason for them on modern
machines when a 0.25 TB SD card can be had for a few bucks.

The only time a shared library is ever justified is when the platform
itself is being extended. Installing the latest version of DirectX for
example. But the cases where I see a need on modern machines are almost
nil.

Rather than using shared libraries, I would like to see the use of
approaches that strip down linked libraries to exactly the methods
that are actually called.
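The loader design sketched above (a small user-mode check that verifies the vendor's signature over the distribution image before anything in it is touched, then reads entries straight out of the zip) can be shown end to end. The following Go program is an added example, not code from the poster or from any project the thread discusses; it assumes a single detached Ed25519 signature over the whole zip image and a constructed in-memory archive standing in for real executables and static data.

```go
package main

import (
	"archive/zip"
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// Package is a signed distribution: the zip image plus a detached
// Ed25519 signature computed over the entire image (assumed format).
type Package struct {
	Image     []byte
	Signature []byte
}

// ErrBadSignature is returned when the image does not verify under the
// vendor key; the loader never parses the archive in that case.
var ErrBadSignature = errors.New("package signature does not verify")

// buildZip constructs a small archive in memory. The contents are
// constructed placeholders for executable images and static data.
func buildZip(files map[string]string) ([]byte, error) {
	var buf bytes.Buffer
	w := zip.NewWriter(&buf)
	for name, body := range files {
		f, err := w.Create(name)
		if err != nil {
			return nil, err
		}
		if _, err := f.Write([]byte(body)); err != nil {
			return nil, err
		}
	}
	if err := w.Close(); err != nil {
		return nil, err
	}
	return buf.Bytes(), nil
}

// SignPackage is the vendor side: sign the finished zip image as one blob,
// so any later change to any byte of the distribution invalidates it.
func SignPackage(priv ed25519.PrivateKey, image []byte) Package {
	return Package{Image: image, Signature: ed25519.Sign(priv, image)}
}

// OpenVerified is the loader side. The signature is checked against the
// trusted vendor public key before the zip central directory is read, so
// untrusted bytes never reach the archive parser.
func OpenVerified(pub ed25519.PublicKey, pkg Package) (*zip.Reader, error) {
	if !ed25519.Verify(pub, pkg.Image, pkg.Signature) {
		return nil, ErrBadSignature
	}
	return zip.NewReader(bytes.NewReader(pkg.Image), int64(len(pkg.Image)))
}

// LoadFromPackage runs the full flow and returns the bytes of one entry
// read directly out of the verified archive, with no unpacking to disk.
func LoadFromPackage(pub ed25519.PublicKey, pkg Package, entry string) ([]byte, error) {
	r, err := OpenVerified(pub, pkg)
	if err != nil {
		return nil, err
	}
	f, err := r.Open(entry)
	if err != nil {
		return nil, err
	}
	defer f.Close()
	return io.ReadAll(f)
}

// Tamper flips one byte in the image, standing in for a distribution
// that was modified after the vendor signed it.
func Tamper(pkg Package) Package {
	img := append([]byte(nil), pkg.Image...)
	img[len(img)/2] ^= 0x01
	return Package{Image: img, Signature: pkg.Signature}
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	image, err := buildZip(map[string]string{
		"bin/app":         "ELF-placeholder",
		"data/config.txt": "mode=strict",
	})
	if err != nil {
		panic(err)
	}
	pkg := SignPackage(priv, image)
	cfg, err := LoadFromPackage(pub, pkg, "data/config.txt")
	fmt.Printf("genuine package: %q err=%v\n", cfg, err)
	_, err = LoadFromPackage(pub, Tamper(pkg), "data/config.txt")
	fmt.Printf("tampered package: err=%v\n", err)
}
```

The check is deliberately over the whole image rather than per entry: the loader needs exactly one verification before it trusts the zip index, and a modified or re-signed-with-the-wrong-key archive is rejected before any parsing happens.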
