Reflections on Trusting Trust - by Ken Thompson

In 1984 the Communications of the ACM published Ken Thompson's Turing Award lecture, "Reflections on Trusting Trust", an amazing and disturbing read about how far you can trust software.

The article begins with an exercise: write a program that, when compiled and run, prints an exact copy of its own source.

This leads deftly to the idea of modifying the C compiler so that, whenever it compiles one particular program (in the paper, the UNIX login command), it quietly inserts a back door: a fixed, known password that is accepted for any account. The author points out that such a blatant addition to the compiler's source could and would be found rather quickly.

However, it takes a compiler to compile a new compiler. With this in mind, and with the self-reproducing technique from the first exercise, one can teach the compiler a second trick: detect when it is compiling a compiler, and insert into that compiler both the login back door and the code that performs this detection and insertion. Compile the clean compiler source once with the doctored compiler, install the resulting binary, and delete the doctored source. From then on every compiler built from pristine source with that binary inherits both tricks, and no amount of reading the source will reveal them.
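The exercise and the two-stage Trojan above, re-enacted as an added worked example that is not code from Thompson's paper or from this post. The "compiler" is a source-to-source pass over Python text and "running a binary" is exec() of that text; the names CLEAN_COMPILER_SRC, LOGIN_SRC, TROJAN_TEMPLATE, the sample user table and the back-door password "joshua" are all assumptions of the example. TROJAN_TEMPLATE is the self-reproducing program from the first exercise put to work: it is a quine whose %r slot is filled with its own repr, which is what lets the emitted compiler emit itself again.

```python
"""Toy re-enactment of the two-stage compiler Trojan in "Reflections on
Trusting Trust".  Added example, not code from Thompson's paper or this
post: the "compiler" is a source-to-source pass over Python text and
"running a binary" is exec() of that text.  The names below, the sample
user table and the back-door password "joshua" are assumptions."""


# The honest compiler: its output is exactly its input.
CLEAN_COMPILER_SRC = '''
def compile_source(src):
    return src
'''

# A login routine that checks a password table (constructed sample data).
LOGIN_SRC = '''
USERS = {"alice": "s3cret"}
def login(user, password):
    return USERS.get(user) == password
'''

# The doctored compiler.  Trick 1: miscompile login so a fixed password
# is accepted for every account.  Trick 2: when compiling a compiler,
# emit this whole text instead of the clean one.  The template is a
# quine: "%r" is filled with the template's own repr, and "%%" becomes
# the "%" that the emitted compiler uses to do the same thing again.
TROJAN_TEMPLATE = '''
TROJAN_TEMPLATE = %r
def compile_source(src):
    if "def login(" in src and "compile_source" not in src:
        src = src.replace(
            "    return USERS.get(user) == password",
            "    if password == \\"joshua\\":\\n        return True\\n"
            "    return USERS.get(user) == password")
    if "def compile_source(" in src and "TROJAN_TEMPLATE" not in src:
        src = TROJAN_TEMPLATE %% TROJAN_TEMPLATE
    return src
'''


def run_compiler(compiler_binary):
    """'Execute' a compiler binary and hand back its compile_source()."""
    ns = {}
    exec(compiler_binary, ns)
    return ns["compile_source"]


def run_login(login_binary):
    """'Execute' a login binary and hand back its login()."""
    ns = {}
    exec(login_binary, ns)
    return ns["login"]


def build_trojaned_compiler():
    """Compile the CLEAN compiler source once with the doctored compiler.
    The result carries both tricks although it was built from innocent
    source; the doctored source is not needed again after this step."""
    doctored_binary = run_compiler(TROJAN_TEMPLATE % TROJAN_TEMPLATE)
    return doctored_binary(CLEAN_COMPILER_SRC)


def rebuild_from_clean_source(compiler_binary, generations):
    """Rebuild the compiler from pristine source `generations` times with
    the given binary.  With a trojaned binary the output never changes."""
    for _ in range(generations):
        compiler_binary = run_compiler(compiler_binary)(CLEAN_COMPILER_SRC)
    return compiler_binary


def login_accepts(compiler_binary, user, password):
    """Compile LOGIN_SRC with the given compiler binary and try a login."""
    login_binary = run_compiler(compiler_binary)(LOGIN_SRC)
    return run_login(login_binary)(user, password)


if __name__ == "__main__":
    dirty = build_trojaned_compiler()
    print("back door visible in compiler source?", "joshua" in CLEAN_COMPILER_SRC)
    print("back door in login built by clean compiler?",
          login_accepts(CLEAN_COMPILER_SRC, "alice", "joshua"))
    print("back door after 5 rebuilds from clean source?",
          login_accepts(rebuild_from_clean_source(dirty, 5), "alice", "joshua"))
```

The point to notice is the last line: the compiler is rebuilt five times from CLEAN_COMPILER_SRC, which contains no trace of "joshua", and the login it produces still accepts the back-door password. The guard `"TROJAN_TEMPLATE" not in src` keeps the doctored binary from re-injecting itself into an already doctored compiler, so the trojaned binary is a fixed point of the rebuild.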

Thompson's moral is that you cannot trust code you did not totally create yourself. Source-level review is no protection, because the bug can live in the compiler binary, or one layer lower in the assembler, the loader or even the microcode, and the lower it sits the harder it is to find. You are only safe if you fully control every layer of the system that produced your code.

Comments

How funny you should mention this

I was just reading something slightly similar from Guido about Python's security model just today. He briefly mentions automatic code injection, but focuses more on hand-tuned security vulnerabilities.

An interesting read.