[TUHS] Thompson trojan put into practice
arnold at skeeve.com
arnold at skeeve.com
Mon Sep 20 01:46:34 AEST 2021
This is FYI. No comment on whether it was a good idea or not. :-)
Arnold
> From: Niklas Rosencrantz <niklasro at gmail.com>
> Date: Sun, 19 Sep 2021 17:10:24 +0200
> To: tinycc-devel at nongnu.org
> Subject: Re: [Tinycc-devel] Can tcc compile itself with Apple M1?
>
>
> Hello!
>
> For demonstration purpose I put my experiment with a compiler backdoor in a
> public repository
> https://github.com/montao/ddc-tinyc/blob/857d927363e9c9aaa713bb20adbe99ded76ac615/tcc-evil/tinycc/libtcc.c#L989
>
> It's part of my academic project to work on provable compiler security.
> I tried to do it according to the "Reflections on Trusting Trust" by Ken
> Thompson, not only to show a compiler Trojan horse but also to prove that
> we can discover it.
> What it does is inject arbitrary code to the next version of the compiler
> and so on.
>
> Regards \n
More information about the TUHS
mailing list