[ale] Opera 7.11 Linux Final is Out

Chris Ricker kaboom at gatech.edu
Wed May 21 16:03:11 EDT 2003


On Wed, 21 May 2003, Joseph Knapka wrote:

> And even *with* source, you can't be guaranteed your system is secure,
> *even if* you read (and understand the security consequences of) every
> line of code in every app. The only way you can achieve guaranteed
> security is by unplugging your machine from line current. Do you build
> GCC from source before you build any apps for your system? If you
> don't, how do you know GCC isn't inserting backdoors into every piece
> of software you build? Even if you do build GCC from source, you can't
> be certain this kind of thing isn't going on - the GCC you build your
> GCC with could be inserting the backdoor-insertion code. So to
> *really* be secure, you'd better hand-compile the GCC source, or
> write your own C compiler from scratch in machine code (can't
> trust gas or nasm, either).

For the classic example of this, read Ken Thompson's Turing Award Lecture,
"Reflections on Trusting Trust" (_Communication ACM_, Vol. 27, No. 8, August
1984), where he confesses his C compiler that backdoored login every time it
was compiled, and also backdoored a C compiler whenever it was compiled to
include his login backdoor....

<http://cm.bell-labs.com/who/ken/trust.html>

later,
chris