Linked by Thom Holwerda on Tue 14th Dec 2010 23:55 UTC, submitted by Oliver
Okay, this is potentially very big news that really needs all the exposure it can get. OpenBSD's Theo de Raadt has received an email in which it was revealed to him that ten years ago, the FBI paid several open source developers to implement hidden backdoors in OpenBSD's IPSEC stack. De Raadt decided to publish the email for all to see, so that the code in question can be reviewed. Insane stuff.
Permalink for comment 453600
JoeBuck (member since 2006-01-11)

It is easy to prove that gcc does not have the Thompson hack. (Technically, the proof shows either that gcc doesn't have the hack or else all C compilers have the identical hack).

gcc is built using a bootstrapping process. First, gcc is built from its source code (written in C) using whatever compiler you have. Then the compiler is built again, using itself. As a check, the compiler is built a third time with itself and the object code is compared between the stage 2 build and the stage 3 build. It must be byte-for-byte identical or the test fails.

Furthermore, you can show (and people have shown) that you get the identical results if you start from Sun's compiler or various older versions of gcc, and likewise for a number of other compilers. If the Thompson hack were present, you would get different results if you build from source code with a compiler containing the hack than if you don't.

Score: 9
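
The two checks described in the comment above (stage 2 against stage 3, and final stages from different starting compilers against each other), as an added example that is not part of the original comment or of gcc's build system. The function names and the one-directory-of-`.o`-files-per-stage layout are assumptions, and the sample trees are constructed stand-ins for real build output.

```shell
#!/bin/sh
# Added example; function names and directory layout are hypothetical.

# List object files under directory $1 as sorted relative paths.
list_objects() {
    ( cd "$1" && find . -type f -name '*.o' | LC_ALL=C sort )
}

# compare_stages A B: succeed only if both trees hold the same set of object
# files and every pair is byte-for-byte identical.
compare_stages() {
    a=$1; b=$2; status=0
    list_a=$(list_objects "$a"); list_b=$(list_objects "$b")
    # An empty tree would pass vacuously, so treat it as an error.
    [ -n "$list_a" ] || { echo "no object files in $a" >&2; return 2; }
    if [ "$list_a" != "$list_b" ]; then
        echo "file sets differ: $a vs $b" >&2; status=1
    fi
    while IFS= read -r f; do
        [ -f "$b/$f" ] || continue
        cmp -s "$a/$f" "$b/$f" || { echo "MISMATCH $f" >&2; status=1; }
    done <<EOF
$list_a
EOF
    return $status
}

# compare_seeds REF OTHER...: final stages of bootstraps started from
# different seed compilers must all match the reference tree.
compare_seeds() {
    ref=$1; shift
    for other in "$@"; do
        compare_stages "$ref" "$other" || return 1
    done
}

# Constructed sample: four tiny trees standing in for real build output.
make_sample() {
    root=$(mktemp -d)
    for d in stage2 stage3 seed_other tampered; do
        mkdir -p "$root/$d/gcc"
        printf 'OBJ-A' > "$root/$d/gcc/parse.o"
        printf 'OBJ-B' > "$root/$d/gcc/emit.o"
    done
    printf 'OBJ-X' > "$root/tampered/gcc/emit.o"   # one differing object
    echo "$root"
}
```

`make_sample` prints the path of a temporary directory; `compare_stages "$root/stage2" "$root/stage3"` succeeds on it, while comparing against `tampered` reports the differing file on stderr and returns non-zero.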