Re: Trusting GNAT for security software

albaugh@agames.com (Mike Albaugh)
7 Mar 1998 22:36:48 -0500

          From comp.compilers


From: albaugh@agames.com (Mike Albaugh)
Newsgroups: comp.compilers
Date: 7 Mar 1998 22:36:48 -0500
Organization: Atari Games Corporation
References: <34F421F6.3A5FFF59@towson.edu> <34F5A906.1704@gsfc.nasa.gov> <34F68913.2FF865DA@cl.cam.ac.uk> <6d67j5$474$1@news.nyu.edu> <34F9444D.D2F588@cl.cam.ac.uk> <dewar.888758710@merv> 98-03-031
Keywords: design, practice

Nick Roberts (Nick.Roberts@dial.pipex.com) wrote:
: A very swift history lesson (apologies to those who know).


[Ken Thompson's self-regenerating trapdoor..], Somewhat
overstated, but raises an interesting point. With respect to this sort
of thing, I'd suspect that FSF or similar "Free" (I'd prefer the term
"Public") software would be _less_ of a security risk. Thompson's hack
required that the compiler be compiled by itself.


Purchased "Shrink Wrap" software requires a "leap of faith" on
the part of the customer that nothing nasty was included. But public
software, by being distributed in source form, allows _both_
inspection of the source _and_ compilation by any compiler, rather
than only self-compilation. That's a rather harder hurdle for a hack
of this type to pass.


: It certainly proved how foolish it is to assume that because it's difficult
: or unusual to do something, it can't or won't be done. This mistake is
: considered the first deadly sin of the security advisor.


True, but there are levels of difficulty. If I let just
anybody into my building (buy shrinkwrap software at the flea-market),
I have little security. If I ask for a business card ("signed"
shrinkwrap software from a company with assets worth suing for) I have
more security. If I require IDs that are subject to check by
independent authorities (Public software) I have yet more. What level
of security I need, and am willing to pay for, is a business
decision. Do you have an armed guard on your trash? Some might need
that. Most don't.


: I would offer the observation that if a compiler were to be caught inserting
: a black* back door, that compiler's manufacturer would be severely
: embarrassed, to say the least!


Nonsense. Read comp.risks. Major vendors do things that are
either ethically marginal or "Sufficiently advanced cluelessness as to
be indistinguishable from malice" :-) all the time, with negligible
effect on their revenues. If they have very little chance of getting
caught, and "plausible deniability", they'll do whatever they feel
like.


Mike
| albaugh@agames.com
--

