Awesome! Fedora also, and this is a step towards countering "Trusting Trust" toolchain issues
Awesome! Fedora also, and this is a step towards countering "Trusting Trust" toolchain issues
Posted Jan 23, 2015 12:44 UTC (Fri) by gnb (subscriber, #5132)In reply to: Awesome! Fedora also, and this is a step towards countering "Trusting Trust" toolchain issues by PaXTeam
Parent article: Lots of progress for Debian's reproducible builds
The work of backdooring the compiler scales linearly with the number of compilers, but I wouldn't expect the difficulty of making sure each of the relevant compilers ships with the backdoor included to be linear: you have to patch each of N compilers without any of these attempts being noticed.
Posted Jan 23, 2015 18:40 UTC (Fri)
by paulj (subscriber, #341)
[Link]
In other news, "viruses" are a *lot* more sophisticated since Thompson's POC.
Awesome! Fedora also, and this is a step towards countering "Trusting Trust" toolchain issues
If only binaries came in standardised formats, and had general ways to inject code, and lots of well-known hooks to allow that code to execute (well-knowns hooks supplied by the format, by the runtime, and by the specific compiler code). Oh wait, they do.