View Single Post
Old 17th December 2010
rocket357's Avatar
rocket357 rocket357 is offline
Real Name: Jonathon
Wannabe OpenBSD porter
 
Join Date: Jun 2010
Location: 127.0.0.1
Posts: 429
Default

Quote:
Originally Posted by Oliver_H View Post
An intentional bug can be a backdoor.
I think what carpetsmoker was getting at is that the presence of bugs doesn't prove the presence of a backdoor...but I'm with you in that in an information leak scenario like this prime for an "accidental" bug leaking critical bits of information...

But that begs the question...Wouldn't it be easier to just insert a backdoor into something like GCC? It would be virtually impossible to detect (without auditing the compiler...and gcc's a big beast) because you wouldn't have to alter the source of the program you're attempting to backdoor. Even OpenBSD's code-correctness approach could be undermined by a compromised compiler...and compromising GCC would have the added benefit of affecting many other operating systems. Seems that would give more bang for the buck, you know?
Reply With Quote