On 02/07/2012 02:47 PM, Ben Coman wrote:
> This is slightly paranoid thinking, but considering the long evolution of Smalltalk live images (apparently all the way from the original Xerox PARC ST80 [1]) in relation to Ken Thompson's "Reflections on Trusting Trust" [2] - are there any mechanisms to prevent trojan code living undetected inside a Smalltalk compiler/decompiler? Bruce Schneier [3] provides a shorter overview of [2] if that is not to your taste. To what degree might this ever be an issue with Pharo and how might it be mitigated?
I think it's worse in Pharo because you're never bootstrapping from source. For all you know, the tools could be subverted to show you different code than is actually running in the system.
Cheers
Philippe