Countering the trusting trust attack
Posted Feb 3, 2010 13:25 UTC (Wed) by hppnq
In reply to: Countering the trusting trust attack
Parent article: Security in the 20-teens
> how can they trust YOUR compiler?
They can't, that's the principle of the Thompson attack.
> One answer is to use your C-in-Forth compiler to compile the original compiler source code (say GCC), then use THAT compiler executable to compile the original compiler source code again.
The suggestion was -- and I think it is the only correct one -- that the compiler used to compile the compiler-compiler does not need to be compiled itself. If it does need to be compiled, the question remains: what compiler will you use to do that?
> the resulting executable should be exactly the same as your original executable. Once you've shown that they are equal, then that means either both were subverted in the same way, OR that the original executable isn't subverted.
But can you tell which conclusion is the right one without having to assume that the original executable was not subverted in the first place? It seems to me that a meaningful conclusion can be drawn only when the two executables are not the same, so you can positively identify a subverted compiler.
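A toy model of the two-stage check quoted in this comment, added here as an example and not part of the original post or thread. Compilers are modelled as records and executable bytes as hashes; `GCC_SRC`, `forth_cc`, `forth_cc_bad`, `self_built` and `ddc_matches` are made-up names, and the model assumes deterministic compilation and an honest, reviewed source text.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Source:
    text: str      # compiler source code (assumed honest and reviewed)
    codegen: str   # the code generator this source implements

@dataclass(frozen=True)
class Binary:
    codegen: str   # how this executable emits code
    trojan: bool   # True if it carries a self-propagating backdoor
    bits: str      # stand-in for the executable's bytes

def compile_with(compiler: Binary, src: Source) -> Binary:
    """Deterministic toy compile of the compiler source: the output bytes
    depend on the running compiler's code generator, the source text, and
    whether the running compiler re-inserts its backdoor."""
    infected = compiler.trojan
    digest = hashlib.sha256(
        f"{compiler.codegen}|{src.text}|{infected}".encode()).hexdigest()
    return Binary(src.codegen, infected, digest)

def ddc_matches(bootstrap: Binary, src: Source, original: Binary) -> bool:
    stage1 = compile_with(bootstrap, src)  # bootstrap compiler builds the source
    stage2 = compile_with(stage1, src)     # that executable builds it again
    return stage2.bits == original.bits    # bit-for-bit comparison

GCC_SRC = Source("constructed compiler source", "gcc")  # constructed sample

def self_built(trojan: bool) -> Binary:
    """The 'original executable': the compiler as rebuilt by itself."""
    return compile_with(Binary("gcc", trojan, "seed"), GCC_SRC)

forth_cc = Binary("forth-cc", False, "constructed")     # independent bootstrap
forth_cc_bad = Binary("forth-cc", True, "constructed")  # subverted the same way

if __name__ == "__main__":
    cases = [("clean original, clean bootstrap", forth_cc, False),
             ("subverted original, clean bootstrap", forth_cc, True),
             ("subverted original, same subversion in bootstrap", forth_cc_bad, True)]
    for label, boot, bad in cases:
        print(f"{label}: match={ddc_matches(boot, GCC_SRC, self_built(bad))}")
```

In this model a mismatch always separates the two executables, while a match is reached both by the clean pair and by the pair subverted in the same way, which are the two readings of equality named in the quoted text.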