decoration decoration
Stories

GROKLAW
When you want to know more...
decoration
For layout only
Home
Archives
Site Map
Search
About Groklaw
Awards
Legal Research
Timelines
ApplevSamsung
ApplevSamsung p.2
ArchiveExplorer
Autozone
Bilski
Cases
Cast: Lawyers
Comes v. MS
Contracts/Documents
Courts
DRM
Gordon v MS
GPL
Grokdoc
HTML How To
IPI v RH
IV v. Google
Legal Docs
Lodsys
MS Litigations
MSvB&N
News Picks
Novell v. MS
Novell-MS Deal
ODF/OOXML
OOXML Appeals
OraclevGoogle
Patents
ProjectMonterey
Psystar
Quote Database
Red Hat v SCO
Salus Book
SCEA v Hotz
SCO Appeals
SCO Bankruptcy
SCO Financials
SCO Overview
SCO v IBM
SCO v Novell
SCO:Soup2Nuts
SCOsource
Sean Daly
Software Patents
Switch to Linux
Transcripts
Unix Books
Your contributions keep Groklaw going.
To donate to Groklaw 2.0:

Groklaw Gear

Click here to send an email to the editor of this weblog.


Contact PJ

Click here to email PJ. You won't find me on Facebook Donate Paypal


User Functions

Username:

Password:

Don't have an account yet? Sign up as a New User

No Legal Advice

The information on Groklaw is not intended to constitute legal advice. While Mark is a lawyer and he has asked other lawyers and law students to contribute articles, all of these articles are offered to help educate, not to provide specific legal advice. They are not your lawyers.

Here's Groklaw's comments policy.


What's New

STORIES
No new stories

COMMENTS last 48 hrs
No new comments


Sponsors

Hosting:
hosted by ibiblio

On servers donated to ibiblio by AMD.

Webmaster
No, it is about how to get to a postition of trust with the untrusted compiler | 297 comments | Create New Account
Comments belong to whoever posts them. Please notify us of inappropriate comments.
No, it is about how to get to a postition of trust with the untrusted compiler
Authored by: bugstomper on Tuesday, January 22 2013 @ 03:24 PM EST
It isn't a matter of bootstrapping. Or rather, it is a matter of creating the
compiler using an alternate bootstrap path.

Here is the problem: What if someone put a trojan horse in a compiler like gcc
that would cause it to produce a vulnerability when it is used to compile
certain code, then added something to insert that trojan horse in the binary
output produced when the compiler detects that it is compiling itself, then
removed that trojan horse code from the source code of the compiler, and then
released the resulting binary of the compiler? If they could get people using
that hacked binary of the compiler, it would not matter if people as a
precaution inspected the source code of the compiler and compiled it themselves
to make sure that they knew what was in their compiler. For example, with one
free software compiler project that I work on what I usually do as a test after
updating the sources is I compile the compiler twice, once using the currently
installed version, then again using the result to compile itself. A rough test
for things being broken is whether repeated compiles of itself by itself produce
bit for bit identical results (once I remove timestamps in the output). But if
all of the compiler binaries contain a hack that inserts itself into the binary
only when the compiler compiles itself, I would never know.

The solution is to compile gcc (in this example) with any other compiler that I
can be sure does not have the identical trojan in it. It would compile the
sources of gcc and produce code that does what the sources say, not with the
trojan horse that makes gcc produce malware. Now I have an executable of gcc
that I know does not contain that particular trojan that makes that particular
modification to the output when it is used to compile gcc. I compile gcc with
the binary of gcc that I just made and compare it to the result of compiling gcc
with the binary of gcc that I made using the publicly available gcc. If the
results are not the same then the publicly available gcc binaries are suspect.

To do this all I need is a C compiler that is sufficiently complete that it can
compile gcc. It doesn't have to produce the most optimized code, it just has to
work. I can go to the effort of writing my own compiler, bootstrapping it or
whatever, but I don't have to go to the tremendous effort of producing a
compiler as production quality as gcc. Or I can use someone else's C compiler
knowing that even if it is compromised with a trojan horse it will not be the
same trojan horse as the one in the gcc executables, so it will still work for
this purpose.

The result will be that I have verified that the gcc executable I have really
does correspond to the gcc sources that I have inspected. I can then use gcc, a
production quality free open source compiler, instead of the bare bones compiler
I wrote myself or obtained elsewhere that I used to conduct this exercise.

[ Reply to This | Parent | # ]

Groklaw © Copyright 2003-2013 Pamela Jones.
All trademarks and copyrights on this page are owned by their respective owners.
Comments are owned by the individual posters.

PJ's articles are licensed under a Creative Commons License. ( Details )