Linked by Thom Holwerda on Tue 14th Dec 2010 23:55 UTC, submitted by Oliver
Okay, this is potentially very big news that really needs all the exposure it can get. OpenBSD's Theo de Raadt has received an email in which it was revealed to him that ten years ago, the FBI paid several open source developers to implement hidden backdoors in OpenBSD's IPSEC stack. De Raadt decided to publish the email for all to see, so that the code in question can be reviewed. Insane stuff.
JoeBuck Member since:
2006-01-11

It is easy to prove that gcc does not have the Thompson hack. (Technically, the proof shows either that gcc doesn't have the hack or else all C compilers have the identical hack).

gcc is built using a bootstrapping process. First, gcc is built from its source code (written in C) using whatever compiler you have. Then the compiler is built again, using itself. As a check, the compiler is built a third time with itself and the object code is compared between the stage 2 build and the stage 3 build. It must be byte-for-byte identical or the test fails.

Furthermore, you can show (and people have shown) that you get the identical results if you start from Sun's compiler or various older versions of gcc, and likewise for a number of other compilers. If the Thompson hack were present, you would get different results if you build from source code with a compiler containing the hack, than if you don't.

Reply Parent Score: 9
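
Added example, not part of the thread: a toy Python model of the bootstrap comparison described in the comment above. It shows that the stage 2 versus stage 3 check passes even for a trojaned seed compiler, and that the comparison across different seed compilers is what exposes it, unless every seed carries the identical modification. The `Binary` model, the seed names and `GCC_SRC` are constructed for illustration.

```python
import hashlib
from dataclasses import dataclass

GCC_SRC = "gcc-source"  # constructed stand-in for the compiler's own source tree

@dataclass(frozen=True)
class Binary:
    implements: str        # source whose semantics this binary executes
    built_by: str          # code generator that emitted it (determines the bytes)
    trojan: bool = False   # carries a self-propagating modification (model flag)

    def digest(self) -> str:
        return hashlib.sha256(repr(self).encode()).hexdigest()

def compile_with(compiler: Binary, source: str) -> Binary:
    # Model assumption: emitted bytes depend on the code generator the compiler
    # implements, not on who built the compiler. A trojaned binary re-inserts
    # itself only when it recognises the compiler source.
    return Binary(source, compiler.implements,
                  compiler.trojan and source == GCC_SRC)

def bootstrap(seed: Binary):
    stage1 = compile_with(seed, GCC_SRC)    # built by whatever compiler you have
    stage2 = compile_with(stage1, GCC_SRC)  # compiler rebuilt with itself
    stage3 = compile_with(stage2, GCC_SRC)  # rebuilt again for the comparison
    return stage2, stage3

def report(seeds: dict) -> dict:
    out = {}
    for name, seed in seeds.items():
        s2, s3 = bootstrap(seed)
        out[name] = {"self_check": s2.digest() == s3.digest(),
                     "digest": s2.digest()}
    return out

SEEDS = {  # constructed seed compilers
    "vendor-cc": Binary("vendor-cc-source", "vendor"),
    "old-gcc": Binary("old-gcc-source", "vendor"),
    "old-gcc-trojaned": Binary("old-gcc-source", "vendor", trojan=True),
    "vendor-cc-trojaned": Binary("vendor-cc-source", "vendor", trojan=True),
}

if __name__ == "__main__":
    for name, r in report(SEEDS).items():
        print(f"{name:20} stage2==stage3: {r['self_check']}  {r['digest'][:16]}")
```
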

Eugenia Member since:
2005-06-28

I'm sure the hack has evolved since 1984, the year the Thompson trick was written.

Edited 2010-12-15 01:19 UTC

Reply Parent Score: 2

reez Member since:
2006-06-28

Technically, the proof shows either that gcc doesn't have the hack or else all C compilers have the identical hack.

Oh no, all compilers are malicious! ;)

What about hardware or firmware backdoors?
The US have already been afraid of Asian hardware for this reason, which could be a sign. I mean if the US believe hardware from China could have backdoors the reason is the US have at least been thinking about it, right?

Reply Parent Score: 4

james_parker Member since:
2005-06-29

It is easy to prove that gcc does not have the Thompson hack. (Technically, the proof shows either that gcc doesn't have the hack or else all C compilers have the identical hack).


Actually, the proof is not nearly that strong. Rather than requiring all C compilers to have it, only the set of C compilers on which this test was tried and passed must have it. Now, if a new C compiler, with a clean room design and test were written and the test passed, this would dramatically increase the confidence (it would be imperfect, since there may be some structural indication that this is a C compiler that an infected "booting" compiler would detect and propagate the hack). Also, libraries, assemblers, parser generators, etc., must also be checked.

Given sufficient resources it could be increasingly difficult to detect; however, the US Federal Government (FBI, CIA, NSA) would be one of the very few -- if not the only -- entities with the resources to do it; further, the cost of doing so would be far higher than that needed to detect it.

Edited 2010-12-15 01:26 UTC

Reply Parent Score: 2

Delgarde Member since:
2008-08-19

Also, libraries, assemblers, parser generators, etc., must also be checked.


Don't forget the kernel. Compiler binaries could be clean on disk, but compromised when loaded into memory. The kernel binary is clean too, but that was compromised by the boot loader, which was in turn compromised by the BIOS. And that came about because the software controlling the manufacturing plant was compromised to embed the hack into every chip that came out.

Just how paranoid do you want to be? Because taking precautions is good, but it's the first step on the road to madness.

Reply Parent Score: 5

Kebabbert Member since:
2007-07-27

It is easy to prove that gcc does not have the Thompson hack. (Technically, the proof shows either that gcc doesn't have the hack or else all C compilers have the identical hack).

Interesting, do you have links on this? I want to learn more. Who showed this? Where can I read?

Reply Parent Score: 3

vivainio Member since:
2008-12-26

It is easy to prove that gcc does not have the Thompson hack. (Technically, the proof shows either that gcc doesn't have the hack or else all C compilers have the identical hack).


I don't see the proof.

The example hack shows how the compiler injects malicious code into the "login" program. If gcc is not the "login" program, nothing would be detected.

Reply Parent Score: 2