UNIX and viruses
Antti Louko
alo at kampi.hut.fi
Sat Jun 10 23:18:50 AEST 1989
In article <16655 at rpp386.Dallas.TX.US> jfh at rpp386.cactus.org (John F. Haugh II) writes:
>Anyone interested in a really good paper on trojan horses and trust
>should read Ken Thompson's Turing Award presentation.
>Ken creates a scenario in which the C compiler and login are in
>cahoots to create this security hole which only he [ and dmr ;-) ]
>are aware of.
>It ends with some very sound advice - eventually a secure OS comes
>down to trusting the people who wrote the code. I don't think GNU
>will ever produce a trusted OS for exactly this reason - who is
>going to trust people such as Stallman who believes security is
>something big companies use to steal from the average Joe?
Actually it comes down to trusting the people who COMPILED the code.
If you don't use bootstrapping binaries coming with sources you are
much safer.
Can we trust any of those big companies either? Or that they have
never had any saboteur programmers working with the OS you are buying.
Besides, big companies usually don't give you the source code for
their systems. At least some of the pieces are missing. With GNU you
can compile everything from sources. First you compile the GCC with a
different compiler, of course. With GNU you will have sources without
any license agreements. You don't even have to tell anyone that you
desperately NEED the sources!
I believe many high security facilities will find GNU more suitable
than proprietary systems.
Antti Louko (alo at hut.fi)
Helsinki University of Technology
More information about the Comp.unix.wizards
mailing list