[ale] The FUD Never Stops
Jason Day
jasonday at worldnet.att.net
Mon Apr 12 13:23:44 EDT 2004
On Mon, Apr 12, 2004 at 11:18:34AM -0500, Michael D. Hirsch wrote:
> Y'all excuse me while I go and spend the rest of my life writing my own
> software.
Actually, even that is not good enough. That quote by Ken Thompson is
the moral to the story of Ken's infamous hack of the UNIX C compiler,
which inserted a backdoor into the login command. Once the hacked
compiler was "in the wild", there was no way to look at any source and
detect the back door. Even recompiling the C compiler wouldn't help.
The ACM article containing the quote is here:
http://www.acm.org/classics/sep95/ . It's well worth the read.
In short, there's no way to absolutely trust software unless you
hand-code your own assembler using nothing but binary opcodes. Then you
can code a compiler in assembly language and use your trusted assembler
to build it.
But that doesn't take hardware into account...
--
Jason Day jasonday at
http://jasonday.home.att.net worldnet dot att dot net
"Of course I'm paranoid, everyone is trying to kill me."
-- Weyoun-6, Star Trek: Deep Space 9
More information about the Ale
mailing list