[ubuntu-uk] Backdoors into computer systems was Ubuntu on the BBC!!!

jim.cameron at buhlersortex.com jim.cameron at buhlersortex.com
Fri Oct 23 10:22:22 BST 2009

Daniel Drummond:
> This reminds me of a story I heard a few years ago,

[snip ken's evil compiler story]

I had a paper related to that ("On Trusting Trust") somewhere ...
rummage rummage ... ah, here we go. "Countering Trusting Trust through
diverse double-compiling", David A. Wheeler.
http://www.dwheeler.com/trusting-trust/ The basic idea is that you
recompile the suspect compiler from source using a different, "trusted"
compiler of your own. Then you use the result to compile itself from
source and compare that binary with the original, suspect binary. If
they're identical, the compiler is clean.

Jim Cameron
Software Engineer

Buhler Sortex Limited
Research and Development Department
20 Atlantis Avenue
London E16 2BF
Registered in England No. 434274
T +44(0)20 7055 7607
F +44(0)20 7055 7701

Mail to: jim.cameron at buhlersortex.com

This e-mail (including any attachments) is confidential,
may be legally privileged and is designated exclusively
for the intended recipient. Access by any other person is
not authorised. Any disclosure of this e-mail or of names
of persons mentioned therein as well as any storing,
copying, distribution and dissemination is strictly prohibited.

If you are not the intended recipient, please immediately
delete this e-mail and notify the sender by phone or by e-mail.

More information about the ubuntu-uk mailing list