
Cross compiling compiler


Posted Apr 9, 2004 7:28 UTC (Fri) by baldrick (subscriber, #4123)
In reply to: Cross compiling compiler by pynm0001
Parent article: Green Hills Software on free software in the military

Probably what he means is that you bootstrap gcc using a non-gcc
compiler and also using gcc itself. If the final gcc you get is the same
in both cases then you can be pretty sure there is no Thompson trojan
lurking inside gcc. I understand that this is one of the reasons the gcc
developers work hard to make gcc compilable by a wide range of other
compilers.



Cross compiling compiler

Posted Apr 9, 2004 7:37 UTC (Fri) by pynm0001 (guest, #18379)

Ah, that's a good idea. Although I feel that my other argument about
equivalent code remains. A non-gcc compiler shouldn't produce the same
exact binary that gcc itself would, merely one which works the same.

Cross compiling compiler

Posted Apr 9, 2004 12:13 UTC (Fri) by libra (guest, #2515)

That's why I added the term iteration in my post. The idea is:

Compile GCC with compiler C_A on platform P_A for platform P
Compile GCC with compiler C_B on platform P_B for platform P
(with C_A != C_B and P_A != P_B but not necessarily C_x != GCC or P_x != P)

Then on platform P you have GCC_A and GCC_B, they are certainly not binary equivalent, but functionally shall be. As the code has been audited, and two platforms/compilers were involved, we may assume that one of the two is not tainted. So now we do:

Compile GCC with GCC_A on P
Compile GCC with GCC_B on P

If both GCC_A and GCC_B are really functionally equivalent then the results shall now be binary identical (at that iteration, or maybe at the next one due to some cross compilation problems that may occur). If you can never reach an iteration where both results are stable and identical, then you have a problem, otherwise you nearly have the proof you want (unless all compilers of the world are tainted the same way, highly unlikely).

Note that for better results it shall be done with 3 or 4 different compilers. Also note that if you find a small binary difference at some point you may very well gain the key of the backdoor (in GCC or in C_x) by analyzing that difference, unless it is just a bug you would have to point out for the improvement of GCC.

Sorry not to have been clear the first time. Hope it is OK now.
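
The iteration described in the comment above, as an added toy model that is not part of the original thread: equality of `Binary` values stands in for a byte-for-byte comparison, and all names (`Binary`, `compile_gcc`, `first_identical_stage`, the `C_*` compilers) are hypothetical. It assumes a modification that a tainted compiler carries into every compiler it builds.

```python
from dataclasses import dataclass

GCC_SRC = "gcc"  # stands for the audited GCC source tree


@dataclass(frozen=True)
class Binary:
    """Toy compiler binary; equality stands in for a byte-for-byte compare."""
    built_by: str   # code generator that emitted these bytes
    codegen: str    # code generator this binary applies when it is run
    tainted: bool   # carries a self-propagating modification


def compile_gcc(compiler: Binary) -> Binary:
    """Run `compiler` on the GCC source and return the resulting binary."""
    return Binary(built_by=compiler.codegen,
                  codegen=GCC_SRC,
                  # clean source only yields a clean binary if the compiler is clean
                  tainted=compiler.tainted)


def first_identical_stage(c_a: Binary, c_b: Binary, max_stages: int = 4):
    """Stage 1 is the two cross builds; later stages rebuild GCC with the
    previous stage's output. Returns the first stage where both chains are
    identical, or None if they never match."""
    a, b = c_a, c_b
    for stage in range(1, max_stages + 1):
        a, b = compile_gcc(a), compile_gcc(b)
        if a == b:
            return stage
    return None


# Constructed bootstrap compilers (hypothetical names).
C_A = Binary("vendor_a", "cc_a", tainted=False)
C_B = Binary("vendor_b", "cc_b", tainted=False)
C_T = Binary("vendor_t", "cc_t", tainted=True)
C_T2 = Binary("vendor_u", "cc_u", tainted=True)

if __name__ == "__main__":
    print(first_identical_stage(C_A, C_B))   # clean pair
    print(first_identical_stage(C_A, C_T))   # one tainted bootstrap compiler
    print(first_identical_stage(C_T, C_T2))  # both tainted the same way
```

In this model the clean pair differs at stage 1 and matches at stage 2, a single tainted bootstrap compiler never reaches a match, and two compilers tainted the same way match anyway, which is the residual case the comment calls highly unlikely.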

Cross compiling compiler

Posted Apr 9, 2004 19:54 UTC (Fri) by pynm0001 (guest, #18379)

I see what you're saying now (I was up too late last night :-( ).
Indeed, it sounds like a very good idea, I can't see any flaws in the
logic.

Of course, we can't even apply that test to MSVC, so I guess Open Source
wins another security battle due to the other side's forfeit. :-)
