[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: The fixed-point project

From: Ludovic Courtès
Subject: Re: The fixed-point project
Date: Fri, 20 Sep 2013 23:44:29 +0200
User-agent: Gnus/5.130007 (Ma Gnus v0.7) Emacs/24.3 (gnu/linux)

Mark H Weaver <address@hidden> skribis:

> Hi Ludovic,
> address@hidden (Ludovic Courtès) writes:
>> However, in theory, that doesn’t save us from trusting-trust
>> attacks [1]: the bootstrap GCC could contain a trap, such that the trap
>> is always preserved across recompilations of GCC, even if it’s absent
>> From the GCC source being compiled.
>> David A. Wheeler’s thesis [2] addresses this topic.  Roughly, it shows
>> that a compiler can be tested for traps by relying on a “trusted”
>> compiler [3].
> I don't think this is an adequate summary of David's technique for
> defeating Thompson viruses.  Under his method, one needn't trust any
> single compiler.  Instead, one uses several different compilers to
> bootstrap a single compiler, and checking that the results of all of
> those bootstraps yield the same result.


> One need only trust that the first-stage compilers aren't _all_
> compromised with the same Thompson virus.  This is much more
> reasonable than expecting everyone to trust the Guix bootstrap
> tarballs.  In order to defeat this method, a Thompson virus would have
> to be sophisticated enough to hide itself in all of the compilers, and
> be able to jump from one compiler to another.

Yes, you’re right (I may have been fooled by the wording in

In Guix we can use different variants of the bootstrap compiler to build
the tarballs, but in practice I suspect these would have to remain
variants of the same thing (GCC), not completely different compilers.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]