Dennis Clarke wrote: > In the article that you cite we see Ken Thompson talking about inserting a > nasty bit of code into the login process. That would be a nifty trick to > get away with but not something that would get past an open source > project. Then again, gee, we did have that telnet issue a little while > ago. > > Sure, the nasty code would never make it into the Open Solaris code base, however the code _could_ make it into a binary distribution by way of an infected compiler, which I think is really to Ken's point. It doesn't need to be in there, and yet it can still do its damage.
And what makes things worse... The last time I built GCC (which has been a while), I recall needing a C compiler to build it. How do I know that C compiler wasn't "infected" already? :-) --joe _______________________________________________ opensolaris-discuss mailing list [email protected]
