if you guys are really worried about a Ken Thompson-style hack in gcc
In a recent thread entitled "Re: Unofficial buildd network has been shut
down", several people started tossing around FUD about the possibility of
a Ken Thompson-style hack in gcc.
If any of you are seriously worried about this, please do the following:
1) prove that there is no KT-style hack on the Solaris version of gcc:
a) bootstrap gcc from source, starting from Sun's C compiler.
b) bootstrap gcc from source, starting from any version of gcc
Compare compilers a and b. Other than timestamps in .o files, the
produced .o files will be byte-for-byte identical (for ELF, you need
to avoid comparing the first 16 bytes of each file; see the code in
"make compare" in GCC's makefile).
To be pedantic, it could be possible that an evil genius has somehow
inserted the same KT-style hack into Sun's compiler, and maintained those
hacks in perfect synchrony over the 15+ years of GCC's existence so that
Sun and GNU would miscompile each others' compilers. Believe that one and
you're a loon, sorry.
2) now generate a guaranteed-clean GNU/Linux compiler by building a cross
compiler. This is kind of tricky; Google for "crossgcc howto".
Finally, use this compiler to build the Debian-patched gcc. You've
eliminated any possible evil that the Debian gcc team might have
installed. Congratulations.
Reply to: