[ccache] Possible vulnerability induced by the use of MD4?

[Raphaël Marinier]

Hello,

I was wondering why ccache uses MD4 (which is cryptographically
insecure) to decide whether a file should be recompiled.

It seems that an attacker could take advantage of that to introduce a
vulnerability in the binaries of a software compiled using ccache.
Namely, an attacker could do the following:
- find two source files A and B such that:
   * the MD4 hashes of A and B are the same (published attacks to MD4
don't allow to do that directly, but since MD4 is deeply broken, it is
reasonable to think that it is possible)
   * A introduces a vulnerability in the software, whereas B seems
secure (and looks like A)
- make sure A is committed in the repository of the software, and make
sure those who distribute the binaries compile the software with
ccache
- replace A by B, apparently correcting the vulnerability. Now, when
people recompile the software using ccache, the vulnerable source is
not recompiled and may be distributed... (Thus the vulnerability in
the software is corrected, whereas it is still present in the
binaries).

Any thoughts?

--
Raphaël M.