On 4 September 2014 11:57, Ian Grant <[email protected]> wrote: > Now it may seem unlikely to some that this has been done. But it is surely > obvious to *everyone* that this is *possible,* and since the advantage an > attacker accrues if he can pull this off effectively is incalculable, it > should also be obvious to *everyone* that if this has not yet been done, > then it will soon be done. Perhaps as a direct result of people reading what > I am writing right now.
I'm not too sure how different distributions are bootstrapping GCC, but I presume most all of them have been using the previous version of GCC to do so for a very long time. My recollection of the early nineties is not great, but I don't recall GNU being at sufficient Ghandicon that it would have seemed worthwhile attempting it. Besides, there are easier ways to get that kind of control of a system, such as with SMM or hardware - even hardware like graphics cards and USB sticks, if you understand how the system will behave when presented with out-of-spec signals. > Focussing on free source code is pointless, we need to focus on free > semantics. I don't see how this (any of the paragraph) followed from the above. If compilers used for bootstrapping have incorporated the Richie crack, how are patents going to make your system secure? -- William Leslie Notice: Likely much of this email is, by the nature of copyright, covered under copyright law. You absolutely MAY reproduce any part of it in accordance with the copyright law of the nation you are reading this in. Any attempt to DENY YOU THOSE RIGHTS would be illegal without prior contractual agreement.
