Secure Code

dbl221:
If it is impossible to "know" what "closed source" software is doing and most people use M$ closed source stuff, it is possible for NSA and others to install backdoors.

  Therefore

Secure Code = Open Source

voidmain:
As much as I would *love* to agree with that, it isn't quite true.  The only way you can truly be confident that there are no backdoors is if you actually write the compiler from scratch.  I read an interesting article about a way that a backdoor can be coded into the compiler in such a way as to create back doors in programs such as "login" and no trace of the back door would be seen in the source code of the "login" program OR the source for the "compiler".  It sounded far-fetched to me and I'll post the article if I can find it again.  It was *very* interesting and made one think.  

I couldn't help but think that if RedHat were evil they could have a deal like this with the NSA.  And RedHat is known for jumping the gun on the 2.96 version of GCC.  Makes me wonder a little.  I'll post it as soon as I find it (see, I don't blindly support Linux, but it is 1000 times better than any MS OS).

[ March 01, 2002: Message edited by: VoidMain ]

voidmain:
Ahhh, here it is:
http://www.acm.org/classics/sep95/

Read the whole thing carefully. I think you will find it very interesting (especially if yer a code weenie).

dbl221:
Hmm.....I have heard of this kind of thing before.  The solution is of course to use a compiler that is open-source.

I believe gcc fits that bill.   But I will read the article.

voidmain:


[ March 01, 2002: Message edited by: VoidMain ]
