[Arm-netbook] Questioning The Holy War

pelzflorian (Florian Pelz) pelzflorian at pelzflorian.de
Sat Dec 8 19:02:08 GMT 2018


On Sat, Dec 08, 2018 at 11:19:43AM -0500, Hendrik Boom wrote:
> On Sat, Dec 08, 2018 at 10:28:18AM -0500, Chris Tyler wrote:
> > On Sat, Dec 8, 2018 at 7:07 AM Pablo Rath <pablo at parobalth.org> wrote:
> > 
> > > On Fri, Dec 07, 2018 at 04:52:22PM -0500, Hendrik Boom wrote:
> > > > On Fri, Dec 07, 2018 at 12:59:44PM +0100, Pablo Rath wrote:
> > > > >
> > > > > How do you know if the source is closed? :)
> > > >
> > > > Let's assume this is a real question.
> > >
> > > Hendrik, I am sorry. I see, I have phrased my (rhetoric) question
> > > poorly. What I meant and should have written is more like: "How can you
> > > know if a
> > > software behaves well and doesn't shoot the cat when you can't audit the
> > > source code?"
> > >
> > 
> > I must point out an error here: Ken Thompson proved that auditing source
> > code (of software and the toolchain used to build it) is meaningless in his
> > paper "Reflections on Trusting Trust". That paper/talk was released 34
> > years ago, and it wasn't theoretical -- it was based on malware that he'd
> > successfully released into the wild many years before.
> 
> I remember reading that talk -- Wasn't it a Turing lecture? -- and I don't 
> recall him saying he actually did release that malware -- he just explained 
> what he *could* have done.  But he didn't deny it either.
> 
> Or do you have further information on this?  If so I'd like to hear it.
> 
> Let me be pleased there is more than one C compiler in existence.  And that 
> it is undecidable whether an arbitrary piece of code actually compiles C, so 
> that his malware, should it exist, is limited in scope.
> 

This problem is one of the reasons why bootstrappable.org, GNU Mes and
such things exist, so it is easier to detect when object code does not
correspond to source code.

Regards,
Florian
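Florian's point that bootstrappable toolchains make it easier to detect when object code does not correspond to source code is usually made concrete with David A. Wheeler's diverse double-compiling (DDC) check, the standard countermeasure to the "Trusting Trust" problem the thread discusses. The Python below is an added illustration for this thread, not code from the list, from bootstrappable.org or from GNU Mes: compilers are modelled as functions over strings, and COMPILER_SOURCE, the Binary type, run_compiler and the payload marker are all constructed for the example. It shows why reading the compiler's source alone cannot reveal a self-propagating modification, and why a second, independently built compiler can.

```python
"""Toy model of diverse double-compiling (DDC).

Everything here is constructed for illustration: a "compiler" is a
Python function from source text to a Binary value, not a real
toolchain.
"""
import hashlib
from dataclasses import dataclass

# Constructed stand-in for "the compiler's own source code".
COMPILER_SOURCE = "compiler.c: reads source, emits binary"


@dataclass(frozen=True)
class Binary:
    """A compiled artifact. `code` is the faithful translation of the
    source; `payload` is anything the producing compiler smuggled in
    that is NOT derived from the source."""
    code: str
    payload: str = ""


def run_compiler(compiler: Binary, source: str) -> Binary:
    """Execute a compiler binary on `source`.

    Faithful translation is modelled as a hash of the source, so two
    honest compilers agree bit-for-bit (the determinism that
    reproducible builds depend on).  A binary that carries a payload
    re-inserts it whenever it recognises the compiler's own source:
    the self-propagating step of Thompson's scenario, which is why
    auditing COMPILER_SOURCE alone cannot reveal it.
    """
    code = hashlib.sha256(source.encode()).hexdigest()[:16]
    payload = compiler.payload if source == COMPILER_SOURCE else ""
    return Binary(code, payload)


def self_build(compiler: Binary) -> Binary:
    """Rebuild the compiler from its own source, using itself."""
    return run_compiler(compiler, COMPILER_SOURCE)


def diverse_double_compile(suspect: Binary, trusted: Binary) -> bool:
    """Wheeler's diverse double-compiling check.

    Stage 1: compile COMPILER_SOURCE with an independent, trusted compiler.
    Stage 2: compile COMPILER_SOURCE again with that stage-1 result.
    If `suspect` is a faithful build of COMPILER_SOURCE, its own
    self-build must be bit-identical to stage 2; anything it adds to
    itself shows up as a mismatch.
    """
    stage1 = run_compiler(trusted, COMPILER_SOURCE)
    stage2 = run_compiler(stage1, COMPILER_SOURCE)
    return stage2 == self_build(suspect)


def scenario() -> dict:
    """Compare an honest toolchain with a subverted one and return the
    outcomes so a caller (or a test) can inspect them."""
    # A small, independently written bootstrap compiler (the role GNU Mes
    # plays): built from different source, so it knows nothing of ours.
    trusted = Binary(code="bootstrap-compiler", payload="")
    honest = run_compiler(trusted, COMPILER_SOURCE)
    # Same faithful code, plus a constructed marker standing in for a
    # modification that the source never mentions.
    subverted = Binary(code=honest.code, payload="<constructed payload>")
    return {
        # Source audit is blind: the subverted compiler rebuilds itself
        # unchanged from clean source.
        "subverted_survives_self_build": self_build(subverted) == subverted,
        "honest_passes_ddc": diverse_double_compile(honest, trusted),
        # The independent compiler's stage-2 output lacks the payload,
        # so the comparison fails and the discrepancy is visible.
        "subverted_passes_ddc": diverse_double_compile(subverted, trusted),
    }


if __name__ == "__main__":
    for check, result in scenario().items():
        print(f"{check}: {result}")
```

The check rests on the same assumption as a real bootstrap chain: the trusted compiler must be genuinely independent of the suspect one, and the build must be deterministic, otherwise stage 2 and the self-build differ for reasons unrelated to tampering. That is exactly what reproducible builds and a small, auditable bootstrap compiler provide.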


