[ale] The FUD Never Stops

Jason Day jasonday at worldnet.att.net
Mon Apr 12 13:23:44 EDT 2004


On Mon, Apr 12, 2004 at 11:18:34AM -0500, Michael D. Hirsch wrote:
> Y'all excuse me while I go and spend the rest of my life writing my own 
> software.

Actually, even that is not good enough.  That quote by Ken Thompson is
the moral to the story of Ken's infamous hack of the UNIX C compiler,
which inserted a backdoor into the login command.  Once the hacked
compiler was "in the wild", there was no way to look at any source and
detect the back door.  Even recompiling the C compiler wouldn't help.
The ACM article containing the quote is here:
http://www.acm.org/classics/sep95/ .  It's well worth the read.

In short, there's no way to absolutely trust software unless you
hand-code your own assembler using nothing but binary opcodes.  Then you
can code a compiler in assembly language and use your trusted assembler
to build it.

But that doesn't take hardware into account...

-- 
Jason Day                                       jasonday at
http://jasonday.home.att.net                    worldnet dot att dot net
 
"Of course I'm paranoid, everyone is trying to kill me."
    -- Weyoun-6, Star Trek: Deep Space 9


