To be honest, I prefer to trust one rather than trust so many.
Besides, I know precisely who to blame if my business or customer got hacked.
Glen Turner wrote:
O Plameras wrote:
That's why I compile and cut those codes I do not understand and end up with fewer lines that I understand.
Then you are still trusting the compiler, and the compiler which compiled the compiler. I suggest you read Ken Thompson's Turing Award lecture "Reflections on Trusting Trust".
http://www.acm.org/classics/sep95/
You might think that you can avoid Thompson's hack by disassembling the object code, but even then you're trusting a possibly compromised disassembler or link loader.
"Trust" is a deeper can of worms than is solvable by a simple re-compilation.
Glen
BTW, from a practical point of view, there's more avenues for evil in libc than in the kernel. So don't forget to read that too.
-- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
