Re: Trusting GNAT for security software (Mike Albaugh)
7 Mar 1998 22:36:48 -0500

          From comp.compilers


From: (Mike Albaugh)
Newsgroups: comp.compilers
Date: 7 Mar 1998 22:36:48 -0500
Organization: Atari Games Corporation
References: <> <> <> <6d67j5$474$> <> <dewar.888758710@merv> 98-03-031
Keywords: design, practice

Nick Roberts wrote:
: A very swift history lesson (apologies to those who know).

[Ken Thompson's self-regenerating trapdoor..], Somewhat
overstated, but raises an interesting point. With respect to this sort
of thing, I'd suspect that FSF or similar "Free" (I'd prefer the term
"Public") software would be _less_ of a security risk. Thompson's hack
required that the compiler be compiled by itself.

Purchased "Shrink Wrap" software requires a "leap of faith" on
the part of the customer that nothing nasty was included. But public
software, by being distributed in source form, allows _both_
inspection of the source _and_ compilation by any compiler, rather
than only self-compilation. That's a rather harder hurdle for a hack
of this type to pass.

: It certainly proved how foolish it is to assume that because it's difficult
: or unusual to do something, it can't or won't be done. This mistake is
: considered the first deadly sin of the security advisor.

True, but there are levels of difficulty. If I let just
anybody into my building (buy shrinkwrap software at the flea-market),
I have little security. If I ask for a business card ("signed"
shrinkwrap software from a company with assets worth suing for) I have
more security. If I require IDs that are subject to check by
independent authorities (Public software) I have yet more. What level
of security I need, and am willing to pay for, is a business
decision. Do you have an armed guard on your trash? Some might need
that. Most don't.

: I would offer the observation that if a compiler were to be caught inserting
: a black* back door, that compiler's manufacturer would be severely
: embarrassed, to say the least!

Nonsense. Read comp.risks. Major vendors do things that are
either ethically marginal or "Sufficiently advanced cluelessness as to
be indistinguishable from malice" :-) all the time, with negligible
effect on their revenues. If they have very little chance of getting
caught, and "plausible deniability", they'll do whatever they feel

