Quote:
Originally Posted by rocket357
Propolice has nothing to do with the type of compiler compromise I'm talking about. Who cares if it inserts canary values and checks and such if it actively injects malicious code? A compiler is a program. It can be compromised to produce compromised programs even if the source of the program is "clean".
|
Sure, but they're not just using GCC as other operating system. According to my information they do security auditing for GCC.