Reminds me of something Ken Thompson wrote so long ago, which I've been meaning to find again.
Ahh there it is, "Reflections on Trusting Trust" http://www.acm.org/classics/sep95/ Dennis Clarke wrote: >> On Sun, 2007-07-22 at 01:36 -0700, UNIX admin wrote: >> >>>> ... if we did implement such a backdoor, it would >>>> totally be in >>>> usr/closed where y'all wouldn't see it. >>>> >>> One can't hide anything from a disassembler and a hex editor. >>> >> Unless they use an obscurator - even then, its not going to jump out >> like "hi! this is an NSA back door!" >> > > If every file in the /usr tree has an MD5 sig and somehow a change was > inserted I would expect the sig to change also. If that happens then you > have your culprit spotted. If someone is able to make that change and also > keep the same MD5 sig then indeed the NSA spooks are spooky. > > Eventually we can expect all sources to be open anyways, over time. > > Sort of a moot point. > > Dennis > > _______________________________________________ > opensolaris-discuss mailing list > [email protected] > _______________________________________________ opensolaris-discuss mailing list [email protected]
