|
From: | Andrey G. Grozin |
Subject: | Re: [Axiom-developer] RE: Bootstrapping |
Date: | Thu, 10 Nov 2005 14:11:35 +0600 (NOVT) |
On Wed, 9 Nov 2005, C Y wrote:
Yes. I dislike having any binaries in my system I have not compiled myself. Therefore, I use Gentoo (installed from stage 1, so I recompiled gcc too). Of course, this does not help against the Thompson's attack.Years ago Ken Thompson proposed a diabolical attack on a computer that could be made by putting a trap door in a compiler, which would automatically build it into all software and subsequent versions of itself, undetectibly. (I think this is the article: http://www.acm.org/classics/sep95/) That kind of thing makes people (especially open source folk, I think) suspect all binaries, and for good reason.
Not in light of things like Ken Thompson's proposed attack. Security people may be paranoid, but on the internet paranoia is a virtue.
As one of my colleges said,For a sysadmin, the absense of paranoia is called professional incompetence.
Sorry for off-topic. Andrey
[Prev in Thread] | Current Thread | [Next in Thread] |