
Snowden and Compilers



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 02/11/2014 11:32 AM, Rich Jones wrote:

> Compilers seem like an extremely prime target for manipulation,
> but as far as I am aware there hasn't been anything mentioned about
> this yet. Has anybody here heard anything that I haven't?

Read Dr. David A. Wheeler's dissertation, _Fully Countering Trusting
Trust through Diverse Double-Compiling - Countering Trojan Horse
attacks on Compilers_.  It is also worth noting that there are more
open source compilers out there than it seems at first scratch; one in
particular called TCC (Tiny C Compiler) is relatively small as
compilations go so it's much easier to read through and audit as a way
of bootstrapping a compilation toolchain.  It can also compile other
compilers quite nicely...

http://www.dwheeler.com/trusting-trust/

- -- 
The Doctor [412/724/301/703] [ZS]
Developer, Project Byzantium: http://project-byzantium.org/

PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F  DD89 3BD8 FF2B 807B 17C1
WWW: https://drwho.virtadpt.net/

"We could be readin' a book." --Huey, _The Boondocks_

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlL6xmsACgkQO9j/K4B7F8ENGgCgiq4URGIfsIHxrQzQvdD6SIPC
ypYAoIHtdVXkaYkLzwgXUGoXbThic3rR
=ZkTL
-----END PGP SIGNATURE-----