[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Packages removed from frozen

On Wed, Feb 09, 2000 at 01:08:52PM +0100, Nils Jeppe wrote:
> On 9 Feb 2000, Manoj Srivastava wrote:
> >         Read about the C compiler that included a binary trojan when
> >  it compiled itself (without the troan ever appearing in the source
> >  code), or when it compiled login, to see what I mean.
> Well but that was afaik never put into practice. ;)

According to http://www.acm.org/classics/sep95/ it seems it was.

But in my opinion, if we rely on GCC not having that (or a similar) hack,
we have a single - hard to verify - point of failure.  With several
independently bootstrapped compilers it's harder to infect the whole
system by cracking a compiler.

%%% Antti-Juhani Kaijanaho % gaia@iki.fi % http://www.iki.fi/gaia/ %%%

                             (John Cage)

Reply to: