Ian and all,

I have been doing some more research and spoke with some people in the industry about certified compilers. Apparently a lot of progress has been made in the recent past and money has been flowing into the arena of certified compilers. What's preventing Apple from having a third-party independent audit of their developer tools (which MacPorts depends on, and the rest of the world also depends on for a wide range of apps either for OS X or iOS)? Seriously, how hard would this be? I can't imagine it being a terrible expense to Apple to do this and show the world that its compilers are trojan-free.

Thanks,
-Tabitha

On Sun, Sep 8, 2013 at 2:19 AM, Ian Wadham <[email protected]> wrote:

> On 08/09/2013, at 3:56 PM, Tabitha McNerney wrote:
> > My boss has been smiling at work a lot lately. He feels very vindicated for having reasonably healthy "paranoia" about vendor compilers (e.g., Apple's tools) just months ago before Snowden made headlines. My boss asked me and my colleagues to read this seminal article by Ken Thompson of Bell Labs in 1984 (from the Turing Award Lecture) about how a trojan can be created in a C compiler (he said he does not want especially the younger developers to be too naive and also told us about the Clipper Chip from the 1990s that never came to fore light but was very close to coming to fore):
> >
> > https://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf
>
> I think the genie got out of the bottle a long time ago, see:
> http://seclab.cs.ucdavis.edu/projects/history/papers/karg74.pdf
> which I think is the paper Thompson was referring to at the end of his talk.
>
> In that paper, Major Schell and his team showed in the 1970s that the world's supposedly most secure operating system, Multics, could be easily penetrated for a modest cost in time and resources.
>
> They called Trojan horses "trapdoors" and they planted several in Multics, even by such simple means as walking into the manufacturer's offices, sitting down somewhere and leaving a patch in the source code. They concluded that the KGB et al. would also be capable of penetrating any American O/S or compiler.
>
> Schell was promoted to Colonel (please no shell/kernel puns) and then worked on how to make hardware and software certifiably secure for intelligence and military use. AFAIK a version of the UNIX kernel was the only O/S to be so certified.
>
> It is best to assume that any O/S or compiler can be penetrated and subverted by any agency, American, non-American, criminal or otherwise, with or without the co-operation of the maker of that O/S or compiler, and that this has been the case for 40 years or more.
>
> Nor should we assume that non-commercial software, such as Open Source and Linux, is immune. It is quite easy to become part of an Open Source team and I do not think there is much perusal of contributions. Indeed, an author might not know and might never have met all of his/her colleagues. Maybe even SVG and git have been subverted so as to leave no trace of changes to code when so "requested".
>
> So I do not think your boss has much to smile about.
>
> Regards, Ian W.
>
> _______________________________________________
> macports-users mailing list
> [email protected]
> https://lists.macosforge.org/mailman/listinfo/macports-users
