|Re: Trusting GNAT for security software Nick.Roberts@dial.pipex.com (Nick Roberts) (1998-03-06)|
|Re: Trusting GNAT for security software email@example.com (Pierre Mai) (1998-03-07)|
|Re: Trusting GNAT for security software firstname.lastname@example.org (1998-03-07)|
|From:||email@example.com (Mike Albaugh)|
|Date:||7 Mar 1998 22:36:48 -0500|
|Organization:||Atari Games Corporation|
|References:||<34F421F6.3A5FFF59@towson.edu> <34F5A906.firstname.lastname@example.org> <34F68913.2FF865DA@cl.cam.ac.uk> <email@example.com> <34F9444D.D2F588@cl.cam.ac.uk> <dewar.888758710@merv> 98-03-031|
Nick Roberts (Nick.Roberts@dial.pipex.com) wrote:
: A very swift history lesson (apologies to those who know).
[Ken Thompson's self-regenerating trapdoor..], Somewhat
overstated, but raises an interesting point. With respect to this sort
of thing, I'd suspect that FSF or similar "Free" (I'd prefer the term
"Public") software would be _less_ of a security risk. Thompson's hack
required that the compiler be compiled by itself.
Purchased "Shrink Wrap" software requires a "leap of faith" on
the part of the customer that nothing nasty was included. But public
software, by being distributed in source form, allows _both_
inspection of the source _and_ compilation by any compiler, rather
than only self-compilation. That's a rather harder hurdle for a hack
of this type to pass.
: It certainly proved how foolish it is to assume that because it's difficult
: or unusual to do something, it can't or won't be done. This mistake is
: considered the first deadly sin of the security advisor.
True, but there are levels of difficulty. If I let just
anybody into my building (buy shrinkwrap software at the flea-market),
I have little security. If I ask for a business card ("signed"
shrinkwrap software from a company with assets worth suing for) I have
more security. If I require IDs that are subject to check by
independant authorities (Public software) I have yet more. What level
of security I need, and am willing to pay for, is a business
decision. Do you have an armed guard on your trash? Some might need
that. Most don't.
: I would offer the observation that if a compiler were to be caught inserting
: a black* back door, that compiler's manufacturer would be severely
: embarrassed, to say the least!
Nonsense. Read comp.risks. Major vendors do things that are
either ethically marginal or "Sufficiently advanced cluelessness as to
be indistinguishable from malice" :-) all the time, with negligible
effect on their revenues. If they have very little chance of getting
caught, and "plausible deniability", they'll do whatever they feel
Return to the
Search the comp.compilers archives again.