-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 02/11/2014 11:32 AM, Rich Jones wrote:
Compilers seems like an extremely prime target for manipulation, but as far as I am aware there hasn't been anything mentioned about this yet. Has anybody here heard anything that I haven't?
Read Dr. David A. Wheeler's dissertation, _Fully Countering Trusting Trust through Diverse Double-Compiling - Countering Trojan Horse attacks on Compilers_. It is also worth noting that there are more open source compilers out there than it seems at first scratch; one in particular called TCC (Tiny C Compiler) is relatively small as compilations go so it's much easier to read through and audit as a way of bootstrapping a compilation toolchain. It can also compile other compilers quite nicely... http://www.dwheeler.com/trusting-trust/ - -- The Doctor [412/724/301/703] [ZS] Developer, Project Byzantium: http://project-byzantium.org/ PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1 WWW: https://drwho.virtadpt.net/ "We could be readin' a book." --Huey, _The Boondocks_ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlL6xmsACgkQO9j/K4B7F8ENGgCgiq4URGIfsIHxrQzQvdD6SIPC ypYAoIHtdVXkaYkLzwgXUGoXbThic3rR =ZkTL -----END PGP SIGNATURE-----