Some user-made C functions and their D equivalents

H. S. Teoh hsteoh at qfbox.info
Thu Jul 28 17:21:57 UTC 2022


On Thu, Jul 28, 2022 at 04:45:55PM +0000, pascal111 via Digitalmars-d-learn wrote:
> On Thursday, 28 July 2022 at 16:37:35 UTC, frame wrote:
> > On Thursday, 28 July 2022 at 16:17:16 UTC, pascal111 wrote:
> > 
> > > My friend, there is a wide deep secret world for hackers. We have
> > > no idea about that world. Look, there is nothing called a 100%
> > > fact in our world. Believe me, what we see in software is just
> > > what "THEY" want us to see.
> > 
> > I think you have no idea how some processes work.
> > 
> > We have cryptographic digest methods to verify source code and final
> > builds. In theory, someone could inject bad code if nobody would
> > review it properly of course. But especially for compilers such code
> > would be detected soon and no insane person in such projects would
> > just merge code without reviewing it.
> > 
> > That applies for open source - not if you just download a compiled
> > binary from an ftp server in the open web of course :D
> 
> Aha! "In theory, someone could inject bad code", you admit my theory.

In theory, Ken Thompson's compromised compiler hack could be at work[1].

In practice, though, especially for open-source projects where you can
take the code and compile it with any of a number of 3rd party compilers
(at least one of which would be unlikely to have been compiled by a
compromised compiler, so would be "clean"), or, for that matter, you can
freely *modify* the code to replace arbitrary parts of it with
semantically-equivalent code that no longer matches the hack-triggering
pattern, it would take an unreal amount of influence over the entire
world to be able to pull off such a hack.

If somebody actually wielded that much influence over your software, you
already have far bigger problems to worry about; whether or not your
software is being compiled with hidden backdoors is already a moot
question. :-D  (And your efforts to write only "purely" your own code
would also be futile anyway, esp. in a Thompson's-hack scenario.)


[1] https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_ReflectionsonTrustingTrust.pdf


T

-- 
The early bird gets the worm. Moral: ewww...

