Trusting Trust: Difference between revisions

From
Jump to navigation Jump to search
No edit summary
No edit summary
Line 5: Line 5:
*Do you trust the programmer?
*Do you trust the programmer?
*Do you know that you really got the "real" program or could it be an altered copy?
*Do you know that you really got the "real" program or could it be an altered copy?
*Do you download the source code instead?
*Do you have a look at it before you compile it?
*Do you search it for malicious routines?
*The whole source code?
*Where do you get your compiler from?
*Do you trust the programmer of your compiler?
*Do you compile your compiler?
*Do you have a look at the source code before you compile it?
*Where do you get your first compiler from?
*Do you write your own compilers?
*What do you use to compile your own compiler???


==Examples==
==Examples==

Revision as of 13:23, 7 January 2005

Reflections on trusting trust

  • Where do you get your software from?
  • Do you trust the manufacturer?
  • Do you download free software instead?
  • Do you trust the programmer?
  • Do you know that you really got the "real" program or could it be an altered copy?
  • Do you download the source code instead?
  • Do you have a look at it before you compile it?
  • Do you search it for malicious routines?
  • The whole source code?
  • Where do you get your compiler from?
  • Do you trust the programmer of your compiler?
  • Do you compile your compiler?
  • Do you have a look at the source code before you compile it?
  • Where do you get your first compiler from?
  • Do you write your own compilers?
  • What do you use to compile your own compiler???

Examples

Example 1

A self reproducing program

#include <stdio.h>

char s[] =
{
'\n', '\n', 'i', 'n', 't', ' ', 'm', 'a', 'i', 'n', '(', ')', '\n', '{', '\n', '\t',
'i', 'n', 't', ' ', 'i',  ';', '\n', '\t', 'p', 'r', 'i', 'n', 't', 'f', '(', '\"',
'#', 'i', 'n', 'c', 'l', 'u', 'd', 'e', ' ', '<', 's', 't', 'd', 'i', 'o', '.', 'h',
'>', '\\', 'n', '\\', 'n', '\"', ')', ';', '\n', '\t', 'p', 'r', 'i', 'n', 't', 'f',
'(', '\"', 'c', 'h', 'a', 'r', ' ', 's', '[', ']', ' ', '=', '\\', 'n', '{', '\\',
'n', '\"', ')', ';', '\n', '\t', 'f', 'o', 'r', '(', 'i', ' ', '=', ' ', '0', ';',
' ', 's', '[', 'i', ']', ';', ' ', 'i', '+', '+', ')', '\n', '\t', '\t', 'p', 'r',
'i', 'n', 't', 'f', '(', '\"', '\\', 't', '\, '%', 'c', '\, ',', '\\', 'n', '\"',
',', ' ', 's', '[', 'i', ']', ')', ';', '\n', '\t', 'p', 'r', 'i', 'n', 't', 'f',
'(', '\"', '}', '\\', 'n', '\"', ')', ';', '\n', '\t', 'p', 'r', 'i', 'n', 't', 'f',
'(', '\"', '%', 's', '\\', 'n', '\"', ',', ' ', 's', ')', ';', '\n', '}'
};

int main()
{
	int i;
	printf("#include <stdio.h>\n\n");
	printf("char s[] =\n{\n");
	for(i = 0; s[i]; i++)
		printf("'%c', ", s[i]);
	printf("};\n");
	printf("%s\n", s);
}

What can we do?

Checksums

MD5 for Win32