2006/5/2, [EMAIL PROTECTED] <[EMAIL PROTECTED]>:
>
> Anton Karpov wrote:
> >
> > Noone here talks about attacking a compiler ;) We're discussing
> > differences
> > for attacker, depending on compiler available or not.
>
> They should.
> There is a classic by Ken Thompson (I think) about using a compiler
> to create a back door which has no traces in the source of either
> the compiler or of the back-doored module.
>
> Something about who can you trust.
>
>
You mean "reflectiond on trusting trust", don't you? Well, if someone has
privileges to replace your compiler with backdoored one, he has another
65535 ways to abuse your box.
We're not about this.
