Quote:
Originally Posted by Oliver_H
An intentional bug can be a backdoor.
I think what carpetsmoker was getting at is that the presence of bugs doesn't prove the presence of a backdoor... but I'm with you in that an information leak scenario like this is prime for an "accidental" bug leaking critical bits of information...
But that begs the question... Wouldn't it be easier to just insert a backdoor into something like GCC? It would be virtually impossible to detect (without auditing the compiler... and GCC's a big beast) because you wouldn't have to alter the source of the program you're attempting to backdoor. Even OpenBSD's code-correctness approach could be undermined by a compromised compiler... and compromising GCC would have the added benefit of affecting many other operating systems. Seems that would give more bang for the buck, you know?