On Wed, Sep 01, 2004 at 02:18:55PM -0700, Thomas Bushnell BSG wrote: > Andrew Suffield <asuffield@debian.org> writes: > > > It's a cute idea, that gets a lot of attention from uninformed people, > > but it can't work in practice. I for one should have noticed if gcc > > were miscompiling itself in such a fashion - there would be a big > > chunk of inexplicable code. > > Where would that code exist? The point of Ken Thompson's paper is > that the code is never found in the source. Do you actually look at > gcc binaries and make sure there are no extra functions in them? How > would you notice? I would notice because there would be too much code in the binary; it's reasonably easy to verify with some simple automation. It would require hundreds of instructions to do something like this, which would have no corresponding source code. Yes, on occasion I have dug into gcc binaries while debugging modifications to gcc. I wasn't actually looking for this sort of thing, so I can't be sure offhand - but thinking back, there are a couple of occasions where I *should* have noticed something that was present in the binary and not the source (automated matching of source to binary and tracking the effects of my changes; gcc itself makes a good test case). It would not be difficult to vary the technique and ensure there are no such things hiding in the file. I don't believe in conspiracies so large that they could stop some random perl script from spotting the hidden code; the sheer *quantity* of hidden trojans you'd need would make them rather easy to spot. -- .''`. ** Debian GNU/Linux ** | Andrew Suffield : :' : http://www.debian.org/ | `. `' | `- -><- |
Attachment:
signature.asc
Description: Digital signature