17th December 2010
BSDfan666
Real Name: N/A, this is the interweb.
Banned
 
Join Date: Apr 2008
Location: Ontario, Canada
Posts: 2,223

The old "compromised" program threat is geared more toward a system where an authorized user has replaced/tampered with a frequently used binary (..like the toolchain/compiler).

It's not that easy to introduce such code into a peer-reviewed source repository; something complex enough to produce malicious executables would not go unnoticed.

There is no doubt that GCC 4.2.1 was recently audited before it was added to the tree, they had to deal with portability problems on several architectures.

Also, GCC doesn't actually generate executables.. that's done by the assembler, which receives an assembly representation, anyone can generate this using the -S argument of the compiler.

There is no sense discussing this, not unless anyone here has audited.. you'll have to trust that the accusation will be dealt with, or "shut up and hack".