eric@remailer.net (Eric Hughes) writes:
Read Ken Thompson's Turing Award lecture for why that isn't sufficient. It's quite amusing.
I'm quite familiar with the work. [For those who aren't, it's about compilers that compile in self-perpetuating bugs from their own source code.]
Get the essay that Perry mentioned and start there. Keep in mind that object code can be interpreted in many different ways, only one of them typically expected.
I strongly agree with both Perry that it is amusing and with Eric that everyone should read it. But I see it as more germane than Eric. It is not about arbitrary self-perpetuating bugs from source. It is about serious security holes that are self-perpetuated by the binaries of the compiler. The compiler ignores its own source and generates security hacked binaries, even when the source looks like it is corrected.

One strongly held belief among lots on this list and in the PGP advocacy world is that the availability of source guarantees security. Thompson's lecture thoroughly dispels that hope, crushing the "guarantee" completely.

Drawing from Thompson, a simple MD5 is not sufficient. You'd have to have multiple compilers, preferably on different CPU architectures, build the tool from source, and compare the results. Then, and only then, could you claim that you were secure.

Of course, this is far too much work to be practical. And this approach is impractical without need to invent a conspiracy between the compiler developers.

Pat

p.s. HappyNewYear!

Pat Farrell, Grad Student, pfarrell@cs.gmu.edu
Department of Computer Science, George Mason University, Fairfax, VA
Public key available via finger
#include <standard.disclaimer>