17th December 2010
backrow
Real Name: Anthony J. Bentley
Shell Scout
 
Join Date: Jul 2009
Location: Albuquerque, NM
Posts: 136

Quote:
Originally Posted by rocket357
But that begs the question...Wouldn't it be easier to just insert a backdoor into something like GCC? It would be virtually impossible to detect (without auditing the compiler...and gcc's a big beast) because you wouldn't have to alter the source of the program you're attempting to backdoor. Even OpenBSD's code-correctness approach could be undermined by a compromised compiler...and compromising GCC would have the added benefit of affecting many other operating systems. Seems that would give more bang for the buck, you know?
Yes, as seen in the well‐known Reflections on Trusting Trust.

But just because a compiler would be a great target doesn’t mean that an IPSEC stack would not be a target.

I’m not suggesting that there is a backdoor in OpenBSD; in fact, I think it’s extremely unlikely. But that doesn’t mean that we don’t need to audit—constant auditing is a good thing whether we believe in backdoors or not. And this is proven by the fact that the audit has already fixed two bugs that were not backdoors.

I think this is the view that Theo holds as well:
Quote:
It is an allegation in a world where we audit whether there is an allegation or not.

If I read you right, what you are saying can be simplified to this:

“Because this is an allegation, we need not audit. Hey, let’s post instead!”

I am sorry, but even if you don’t mean it exactly like that, what you said will be interpreted by many people to mean that. What I see you say above [is] ridiculous.
__________________
Many thanks to the forum regulars who put time and effort into helping others solve their problems.