Re: Back doors
Date: 5 Jan 2005 17:02:59 GMT
In article <crgoid$9ao$1@newsg4.svr.pol.co.uk>, Ant <not@home.today> wrote:
|"Walter Roberson" wrote:
|> Not necessarily. Free firewalls might be open source, and you could
|> examine the source code and compile it for yourself; and you could
|> compile the compiler for yourself in case you don't trust the
|> compiler. [...]
|A link to "Reflections on Trusting Trust" by Ken Thompson was posted
|recently in a similar discussion. He describes his backdoor in the
|Unix compiler.
|http://cm.bell-labs.com/who/ken/trust.html
I was of course referring to that ;-)
Note, though, if you read carefully, he didn't say that he
actually implemented the back door: he just shows some code snippets
that, broadly speaking, would have that effect.
--
Oh, to be a Blobel!