Hello again,

On Sat, 22 Sep 2012, Brian Morrison wrote:
> On Fri, 21 Sep 2012 11:31:59 +0100 (BST) "G.W. Haywood" wrote:
>> If a compiler is not there it is *impossible* for it to do anything,
>> and that statement does not rely on your opinion.
>
> It isn't Ken Thompson's opinion, it isn't necessary for a compiler to
> exist for malicious acts to be possible. ...

A compiler is a four-legged animal, so all four-legged animals are
compilers? Of course there is no suggestion that a compiler is an
essential component of any attack.

Mr. Esler's assertion that this is a pedantic argument, given his
position, bothers me a little. There are two objectives:
1. minimising the probability of a successful attack, and
2. minimising the likely damage in the event of such an attack.
Removing as far as possible tools which an attacker will find useful
in launching his *next* attack falls into the latter category. For
example one amusing use which attackers typically find for a compiler
(if you've left one lying around for them to use) is to rebuild system
binaries like 'login' and 'ps'. Then when you think the attack has
been thwarted (because the newly installed 'ps' doesn't show you the
processes that the attackers are running) they can log in at will
using the back-doored binaries and you won't even see it happening.

PS Please don't mail somebody's email address to the whole world.

--
73,
Ged.
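
An added example, not part of the original message: a check for the replaced-'ps' case described above, comparing the PIDs the kernel lists in /proc with the PIDs that ps reports. It assumes Linux procfs and a ps that accepts `-e -o pid=`; the function names are this example's own, and it does not detect kernel-level hiding that also filters /proc.

```python
import os
import subprocess
import sys


def pids_from_proc(proc_root="/proc"):
    """PIDs the kernel exposes: every all-digit directory under proc_root."""
    return {int(name) for name in os.listdir(proc_root)
            if name.isdigit() and os.path.isdir(os.path.join(proc_root, name))}


def pids_from_ps(ps_output):
    """PIDs a `ps -e -o pid=` listing admits to (one PID per line)."""
    return {int(tok) for tok in ps_output.split() if tok.isdigit()}


def hidden_pids(before, reported, after):
    """PIDs in /proc both before and after the ps run, yet absent from ps.

    Requiring both snapshots filters out processes that started or exited
    while ps was running, which would otherwise be false positives.
    """
    return sorted((before & after) - reported)


def describe(pid, proc_root="/proc"):
    """Best-effort command name for a PID, read straight from procfs."""
    try:
        with open(os.path.join(proc_root, str(pid), "comm")) as fh:
            return fh.read().strip()
    except OSError:
        return "?"


def main():
    before = pids_from_proc()
    ps = subprocess.run(["ps", "-e", "-o", "pid="],
                        capture_output=True, text=True, check=True)
    after = pids_from_proc()
    suspects = hidden_pids(before, pids_from_ps(ps.stdout), after)
    for pid in suspects:
        print(f"PID {pid} ({describe(pid)}) is in /proc but not in ps output")
    return 1 if suspects else 0


if __name__ == "__main__":
    sys.exit(main())
```

The exit status is 1 when any PID is visible in /proc but missing from the ps listing, so the script can be run from cron or a monitoring agent.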