[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: SELinux removed from desktop cd spin?

On Wed, 2008-01-23 at 11:02 +0530, Rahul Sundaram wrote:
> Les Mikesell wrote:
> > 
> > But the NSA would be at least as capable of introducing a hack that you 
> > could examine but not see as Ken Thompson:
> > http://www.everything2.com/index.pl?node=Reflections%20On%20Trusting%20Trust 
> > 
> > I'd expect them to even be able to conspire with the CPU vendors to have 
> > certain undocumented opcode sequences do magical things.
> Sure. You can believe whatever you want to. I am merely stating a fact 
> that the bar to do this with open source software is way higher than 
> proprietary software and in fact is the highest that anyone can 
> practically go.

Also, in order to carry out a hack like that, you have to infect the
toolchain somewhere along the line, so that everyone building the code
is doing so with infected compilers..  With open-source code and an
open-source toolchain, that seems pretty unlikely.

Or are you suggesting, Les, that everyone's copy of gcc is derived from
one built by the NSA and smuggled into RMS's lab at some point in its
early history?

> Rahul
                Matthew Saltzman

Clemson University Math Sciences
mjs AT clemson DOT edu

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]