Re: Linuxfromscratch.org

[Dale Amon <amon@vnl.com>]

On Thu, Jul 24, 2003 at 04:39:49PM +1000, Brian May wrote:
> > login.c
> >   main () { printf ("Hello World\n"); }
> > 
> > and the hand decompile the binary to see if there
> > is anything unexpected present.
> 
> Does this proove anything though?
> 
> A trojon horse in the compiler could be clever enough not to insert
> any back doors on such simple code...

There are some safe assumptions we can make:

	* The trojan is not arbitrarily complex as
	  it must have compiled into the size of
	  the early gcc.

	* It is not arbitrarily specific or else
	  it would only have worked on the earliest
	  login.c and thus we can escape it simply
	  by changing the login.c code.

So it is either simple minded or there are certain
features in a login.c that all C programmers will
recreate even if starting from a blank emacs windows
and no knowledge of the original login.c other than
a minimal functional requirement doc.

So get 100 junior programmers to write one hundred 
login.c's from scratch and see what they have in 
common. 

But I'll short circuit it. If I were coding this
in C back in 1977, I'd have done a string compare
on Username: and Password:. 

-- 
------------------------------------------------------
       IN MY NAME:            Dale Amon, CEO/MD
  No Mushroom clouds over     Islandone Society
    London and New York.      www.islandone.org
------------------------------------------------------

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.