Snowden and Compilers
The Doctor
drwho at virtadpt.net
Tue Feb 11 16:55:07 PST 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 02/11/2014 11:32 AM, Rich Jones wrote:
> Compilers seems like an extremely prime target for manipulation,
> but as far as I am aware there hasn't been anything mentioned about
> this yet. Has anybody here heard anything that I haven't?
Read Dr. David A. Wheeler's dissertation, _Fully Countering Trusting
Trust through Diverse Double-Compiling - Countering Trojan Horse
attacks on Compilers_. It is also worth noting that there are more
open source compilers out there than it seems at first scratch; one in
particular called TCC (Tiny C Compiler) is relatively small as
compilations go so it's much easier to read through and audit as a way
of bootstrapping a compilation toolchain. It can also compile other
compilers quite nicely...
http://www.dwheeler.com/trusting-trust/
- --
The Doctor [412/724/301/703] [ZS]
Developer, Project Byzantium: http://project-byzantium.org/
PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1
WWW: https://drwho.virtadpt.net/
"We could be readin' a book." --Huey, _The Boondocks_
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlL6xmsACgkQO9j/K4B7F8ENGgCgiq4URGIfsIHxrQzQvdD6SIPC
ypYAoIHtdVXkaYkLzwgXUGoXbThic3rR
=ZkTL
-----END PGP SIGNATURE-----
More information about the Testlist
mailing list