Trusting Trust
Jump to navigation
Jump to search
Reflections on trusting trust
- Where do you get your software from?
- Do you trust the manufacturer?
- Do you download free software instead?
- Do you trust the programmer?
- Do you know that you really got the "real" program or could it be an altered copy?
Examples
Example 1
A self reproducing program
#include <stdio.h>
char s[] =
{
'\n', '\n', 'i', 'n', 't', ' ', 'm', 'a', 'i', 'n', '(', ')', '\n', '{', '\n', '\t',
'i', 'n', 't', ' ', 'i', ';', '\n', '\t', 'p', 'r', 'i', 'n', 't', 'f', '(', '\"',
'#', 'i', 'n', 'c', 'l', 'u', 'd', 'e', ' ', '<', 's', 't', 'd', 'i', 'o', '.', 'h',
'>', '\\', 'n', '\\', 'n', '\"', ')', ';', '\n', '\t', 'p', 'r', 'i', 'n', 't', 'f',
'(', '\"', 'c', 'h', 'a', 'r', ' ', 's', '[', ']', ' ', '=', '\\', 'n', '{', '\\',
'n', '\"', ')', ';', '\n', '\t', 'f', 'o', 'r', '(', 'i', ' ', '=', ' ', '0', ';',
' ', 's', '[', 'i', ']', ';', ' ', 'i', '+', '+', ')', '\n', '\t', '\t', 'p', 'r',
'i', 'n', 't', 'f', '(', '\"', '\\', 't', '\, '%', 'c', '\, ',', '\\', 'n', '\"',
',', ' ', 's', '[', 'i', ']', ')', ';', '\n', '\t', 'p', 'r', 'i', 'n', 't', 'f',
'(', '\"', '}', '\\', 'n', '\"', ')', ';', '\n', '\t', 'p', 'r', 'i', 'n', 't', 'f',
'(', '\"', '%', 's', '\\', 'n', '\"', ',', ' ', 's', ')', ';', '\n', '}'
};
int main()
{
int i;
printf("#include <stdio.h>\n\n");
printf("char s[] =\n{\n");
for(i = 0; s[i]; i++)
printf("'%c', ", s[i]);
printf("};\n");
printf("%s\n", s);
}