Re: [ubuntu-uk] Backdoors into computer systems was Ubuntu on the BBC!!!
Daniel Drummond: This reminds me of a story I heard a few years ago, [snip ken's evil compiler story] I had a paper related to that (On Trusting Trust) somewhere ... rummage rummage ... ah, here we go. Countering Trusting Trust through diverse double-compiling, David A. Wheeler. http://www.dwheeler.com/trusting-trust/ The basic idea is that you recompile the suspect compiler from source using a different, trusted compiler of your own. Then you use the result to compile itself from source and compare that binary with the original, suspect binary. If they're identical, the compiler is clean. jim -- Jim Cameron Software Engineer Buhler Sortex Limited Research and Development Department 20 Atlantis Avenue London E16 2BF Registered in England No. 434274 T +44(0)20 7055 7607 F +44(0)20 7055 7701 Mail to: jim.came...@buhlersortex.com www.buhlersortex.com This e-mail (including any attachments) is confidential, may be legally privileged and is designated exclusively for the intended recipient. Access by any other person is not authorised. Any disclosure of this e-mail or of names of persons mentioned therein as well as any storing, copying, distribution and dissemination is strictly prohibited. If you are not the intended recipient, please immediately delete this e-mail and notify the sender by phone or by e-mail. -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/
Re: [ubuntu-uk] Backdoors into computer systems was Ubuntu on the BBC!!!
Is this like what was reported with the Delphi compiler recently? 2009/10/23 jim.came...@buhlersortex.com Daniel Drummond: This reminds me of a story I heard a few years ago, [snip ken's evil compiler story] I had a paper related to that (On Trusting Trust) somewhere ... rummage rummage ... ah, here we go. Countering Trusting Trust through diverse double-compiling, David A. Wheeler. http://www.dwheeler.com/trusting-trust/ The basic idea is that you recompile the suspect compiler from source using a different, trusted compiler of your own. Then you use the result to compile itself from source and compare that binary with the original, suspect binary. If they're identical, the compiler is clean. jim -- Jim Cameron Software Engineer Buhler Sortex Limited Research and Development Department 20 Atlantis Avenue London E16 2BF Registered in England No. 434274 T +44(0)20 7055 7607 F +44(0)20 7055 7701 Mail to: jim.came...@buhlersortex.com www.buhlersortex.com This e-mail (including any attachments) is confidential, may be legally privileged and is designated exclusively for the intended recipient. Access by any other person is not authorised. Any disclosure of this e-mail or of names of persons mentioned therein as well as any storing, copying, distribution and dissemination is strictly prohibited. If you are not the intended recipient, please immediately delete this e-mail and notify the sender by phone or by e-mail. -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/ -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/
