Fedora 28 Looking At Annobin For Binary Watermarking / Implanting Extra Information
A new feature being considered for Fedora 28 is Annobin, a new GCC plugin that would implant extra information into generated binaries.
The GCC Annobin plugin would store extra information within binary files. Among the possibilities are storing ABI details, hardening options, or other build information in binaries, which could in turn be picked up by other scripts, e.g. for detecting potential ABI conflicts or embedding unit test results.
Annobin stores information in Fedora's toolchain watermark format and currently this plugin is just for GCC.
The proposal for incorporating Annobin by default in Fedora 28 is outlined on the Fedora Wiki while this change more broadly outlines their toolchain watermark work.
The proposal has already received some criticism, namely that embedding extra information into binaries will increase file size while the information isn't relevant to all users, so perhaps it would be better kept to debug-type builds.