Re: Trusting the Tools - was Re: Open Source ...

2003-10-13 Thread kent
On Sun, Oct 12, 2003 at 08:25:21AM -0600, Anne Lynn Wheeler wrote: It wouldn't have been impossible ... but quite unlikely. It is somewhat easier in C-based programs since there are additional levels of indirection and obfuscations between the statements in a C program and the generated

Re: Trusting the Tools - was Re: Open Source ...

2003-10-13 Thread Anne Lynn Wheeler
At 03:48 PM 10/12/2003 -0700, [EMAIL PROTECTED] wrote: Hmm. While I agree with your assessment of likelihood, I think you understate the seriousness of the issue in both the C case and the assembler case -- they are not really that different. It's not just a matter of indirection and obfuscation

Re: Trusting the Tools - was Re: Open Source ...

2003-10-12 Thread Thor Lancelot Simon
On Thu, Oct 09, 2003 at 07:45:01PM -0700, Bill Frantz wrote: At 8:18 AM -0700 10/7/03, Rich Salz wrote: Are you validating the toolchain? (See Ken Thompson's Turing Aware lecture on trusting trust). With KeyKOS, we used the argument that since the assembler we were using was written and

Trusting the Tools - was Re: Open Source ...

2003-10-11 Thread Bill Frantz
At 8:18 AM -0700 10/7/03, Rich Salz wrote: Are you validating the toolchain? (See Ken Thompson's Turing Aware lecture on trusting trust). With KeyKOS, we used the argument that since the assembler we were using was written and distributed before we designed KeyKOS, it was not feasible to include