Linked by Eugenia Loli on Wed 23rd Jan 2008 22:07 UTC
Linux With Linux on the desktop going from a slow crawl to verging on an explosion, many have toiled with the question: How do we make this happen faster? A well-known Austin-based Linux Advocate thinks he has the answer.
Permalink for comment 297633
To read all comments associated with this story, please click here.
WereCatf
Member since:
2006-02-15

This is not true. Back in 1984, Ken Thompson how to do so, and this specific "malware" was in fact present in Unix for many years before being discovered

That was an interesting read but I think you misunderstood the point there: in this case it's not the source which has malware, it's the compiler which compiles that in at compilation time. It's an interesting idea to inject such code into the compiler itself but not very likely, atleast if we're talking about the most popular compilers in use. It is VERY difficult to get such a patch accepted on any of the official repositories of f.ex. GCC, and if you ran an app on your own PC which tried to do that then it would need the full sources to GCC, recompile it, and then install it over the previous version meaning it would need root access.

OTOH if the actual sources to the software had such a malware in them you might not notice it. But the more devs and users the software has the bigger the likelyhood it will be discovered. Sure, the more code there is the smaller percentage of that such malware would occupy, but with lots of users and devs someone is also bound to notice any weird behaviour. And as I said above, patches submitted for an app are usually checked before they are accepted into the repos.

So, anyway, as a conclusion, in _theory_ it might be possible but in practice it isn't.

Reply Parent Score: 2