User: Password:
Subscribe / Log in / New account

Countering the trusting trust attack

Countering the trusting trust attack

Posted Feb 3, 2010 23:29 UTC (Wed) by dwheeler (guest, #1216)
In reply to: Countering the trusting trust attack by Baylink
Parent article: Security in the 20-teens

Ummm... let me just say "read the paper, please" :-). I'm fully aware that compiling the same source with different compilers will (normally) produce different executables.

> Or are you suggesting that A-G and B-G then be used to again compile Gcc, and *those* binaries be compared? That would tell you that either A and B were not subverted, or were subverted in exactly the same way...

That's the basic idea, sort of. Given certain preconditions, you can even recreate the original executable with a different starting compiler.

(Log in to post comments)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds