[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: SELinux removed from desktop cd spin?



Matthew Saltzman wrote:

But the NSA would be at least as capable of introducing a hack that you could examine but not see as Ken Thompson: http://www.everything2.com/index.pl?node=Reflections%20On%20Trusting%20Trust I'd expect them to even be able to conspire with the CPU vendors to have certain undocumented opcode sequences do magical things.
Sure. You can believe whatever you want to. I am merely stating a fact that the bar to do this with open source software is way higher than proprietary software and in fact is the highest that anyone can practically go.

Also, in order to carry out a hack like that, you have to infect the
toolchain somewhere along the line, so that everyone building the code
is doing so with infected compilers..  With open-source code and an
open-source toolchain, that seems pretty unlikely.

Or are you suggesting, Les, that everyone's copy of gcc is derived from
one built by the NSA and smuggled into RMS's lab at some point in its
early history?

How many people have contributed code and how much do you know about them or their motives? But a more likely target would be the CPU companies since there are only a couple that matter and this could make the compiler portion pretty much invisible. Is that any more paranoid than thinking the major communication companies all have government taps for everything passing through or that cell phones are all rigged so the government can locate and listen at any time?

--
  Les Mikesell
    lesmikesell gmail com


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]