Re: Richard Stallman is responsible for the shrinking economy



On Sat, 11 Apr 2009 09:29:59 +0100, Chris H wrote:

> Not at all. It works. None are as unsafe as Linux. The Unix backdoor
> hack is easily implementable in any GCC compiler and can infect any
> version of Linux.

Oh, come on. Any compiler, open source or not, can have Ken Thompson's
trojan code (described in http://cm.bell-labs.com/who/ken/trust.html ).

The point is that besides that particular vulnerability, the closed
source compilers and other software can and do have zillions of other
vulnerabilities and back doors, and they are visible to no one but the
vendor who may choose to just sit on them, or may have introduced them in
the first place as Borland did with their database backdoor that got
discovered when they open-sourced their code a few years ago.

By the way, for a more practical version of a totally invisible hack, I
would turn your attention to all the recent reports on virtual machine-
based hacks (Blue Pill, etc).



--
Przemek Klosowski, Ph.D. <przemek.klosowski at gmail>