Re: oaklisp: contains 500kB binary in source





Walter Landry wrote:
Marco Franzen <Marco.Franzen@bigfoot.com> wrote:
Barak Pearlmutter wrote:

This is a technical issue related to ease of bootstrapping on a new
architecture, and not a legal issue.

It may not be a legal issue, but I think it is more than merely technical. It does touch the freeness question.

We can reproduce the executable, and we can make modifications to
create a new executable.  Free software does not mean that the
compilers used to create executables are free from bugs, malicious or
not.

But it requires (among other things) that you have full source code.

Ken Thompson's article is just about a particularly devious way
of hiding a bug.  It doesn't make the bug immune from detection, just
a heck of a lot more difficult.

Ken Thompson demonstrated a technique to piggy-back a malicious routine
into a bootstrap binary so it propagates into binaries created by it
without being present in its apparent source.

More generally it is a technique to hide source code from you,
without you even being aware of it.

It can be used not only to piggy-back malicious extra-functionality but
also (if that convinces you more) to hide parts of the payload
functionality. You could (not very subtly) provide a
dump_compiler primitive in your language dialect, so your compiler
source could be completely absent. Or you could just hide a proprietary
subsystem for, say, garbage collection. How do you know you have (all)
the source for the functionality that you actually want, short of
reading and understanding all the source and how it all fits together?

Of course, at the end of the day, this is all about trust.
A malicious person could become a DD and do all sorts of bad things
until they are found out.

Should it be a judgement call by the packager (guided by how well they
know upstream, how well they understand the code, etc)?

Marco
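
The following is an added example, not part of the original thread: a toy model of the two checks discussed above, rebuilding the compiler with the shipped binary versus rebuilding it through an unrelated compiler. All names and byte strings are constructed for illustration, and the second compiler is assumed not to carry the hidden routine.

```python
import hashlib

# Constructed toy model: a "binary" is a byte string and executing a compiler
# binary is simulated by run(). Nothing here is oaklisp's real build.
COMPILER_SRC = b"(define (compile form) ...)  ; constructed stand-in source"
HIDDEN = b"|extra-routine-not-in-source"


def translate(source: bytes) -> bytes:
    """What a faithful compiler emits: the output depends on the source only."""
    return b"BIN:" + hashlib.sha256(source).hexdigest().encode()


def run(binary: bytes, source: bytes) -> bytes:
    """Simulate executing the compiler `binary` on `source`."""
    out = translate(source)
    # A binary carrying the hidden routine re-inserts it whenever it
    # recognises that it is compiling the compiler itself.
    if binary.endswith(HIDDEN) and source == COMPILER_SRC:
        out += HIDDEN
    return out


def self_rebuild_matches(shipped: bytes, source: bytes) -> bool:
    """Rebuild the compiler with the shipped binary and compare the result."""
    return run(shipped, source) == shipped


def independent_rebuild_matches(shipped: bytes, source: bytes, other: bytes) -> bool:
    """Build with an unrelated compiler, then rebuild with that result."""
    # A real stage1 would differ byte-for-byte from stage2 while behaving the
    # same; this toy collapses that difference because translate() is fixed.
    stage1 = run(other, source)
    stage2 = run(stage1, source)
    return stage2 == shipped


CLEAN = translate(COMPILER_SRC)
TAINTED = CLEAN + HIDDEN
OTHER = b"BIN:independent-implementation"  # assumed free of the hidden routine

if __name__ == "__main__":
    for name, shipped in (("clean", CLEAN), ("tainted", TAINTED)):
        print(name,
              "self-rebuild:", self_rebuild_matches(shipped, COMPILER_SRC),
              "independent:", independent_rebuild_matches(shipped, COMPILER_SRC, OTHER))
```

In this model the self-rebuild check passes for both binaries, so reproducing the executable with itself says nothing about whether all of its functionality is in the source; only the rebuild through the second compiler separates the two.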