Re: Does kernel 2.6 include an NSA backdoor?

Jean-David Beyer <jeandavid8@verizon.net> wrote in
news:5ABAj.2166$wM2.41@trnddc07:
> But the trojanized version is not. And once you compile the trojanized
> compiler, you can eliminate its source code from the universe and it is
> too late. Because that compiler can contaminate everything it compiles,
> including the Gcc source.
>
A trojan in the object code is NOT always useful.

It is easy to have a bug that only shows up under very special
circumstances; it is very difficult to 'craft a "bug"' that adds a trojan
to the object ONLY when such a trojan would be useful.

You can run some tests like:

1) compile a very simple program with a single instruction.
2) compile a longer program with multiple instructions.
3) compare the length of the objects produced to confirm that the length
   grows with the number of instructions AND that the plot of complexity vs
   length of object has an intercept of zero length.

A compiler that is smart enough to 'add a back door' to the object
produced is going to produce an object that contains ONLY the back door
when it compiles a very simple program, or it will display a discontinuity
in the size of the object produced when the code compiled is reduced below
a certain length. Either will be obvious.

So a compiler that adds its Trojan to EVERY object produced will leave
an obvious 'fingerprint' on every object produced. The trojan code is the
fingerprint.

To avoid this, the compiler must be smart enough to know the function of
the object code it produces.

A compiler smart enough to KNOW the function of the module it is being
called upon to produce and only add the Trojan to an object where the
Trojan would be useful would need to be tens of thousands of times larger
than any normal compiler.

While theoretically possible, it is impractical to produce such a compiler
because a trojan that adds itself to the compiler will have bugs in the
trojan's code. According to Smurfy's law, it would keep adding copies of
itself each time it was used to recompile itself, until memory was
exhausted.
--
bz
please pardon my infinite ignorance, the set-of-things-I-do-not-know is an
infinite set.
bz+csm@ch100-5.chem.lsu.edu remove ch100-5 to avoid spam trap
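
The size test described in the post above, sketched as an added example that is not part of the original post: it measures object size against statement count and reports the zero-statement intercept and any discontinuity. The names `text_size`, `analyse` and `tolerance` are assumptions of this example, the sample measurements are constructed, and `text_size` assumes a C compiler `cc` and binutils `size` on PATH.

```python
import os, statistics, subprocess, tempfile

def text_size(n, cc="cc"):
    """Compile a C function with n identical statements; return the `size` text column.
    Assumption: `cc` and binutils `size` (Berkeley format) are on PATH."""
    src = "volatile int x;\nvoid f(void) {\n" + "    x += 1;\n" * n + "}\n"
    with tempfile.TemporaryDirectory() as d:
        c, o = os.path.join(d, "t.c"), os.path.join(d, "t.o")
        with open(c, "w") as fh:
            fh.write(src)
        subprocess.run([cc, "-O0", "-c", c, "-o", o], check=True)
        out = subprocess.run(["size", o], check=True,
                             capture_output=True, text=True).stdout
    return int(out.splitlines()[1].split()[0])  # first field of the data row

def analyse(points, tolerance=16):
    """points: (statement_count, bytes) pairs. Returns (rate, intercept, jumps).
    rate      = median bytes per statement between neighbouring measurements
    intercept = size extrapolated back to zero statements
    jumps     = intervals whose growth departs from rate by more than tolerance"""
    pts = sorted(points)
    pairs = list(zip(pts, pts[1:]))
    rate = statistics.median((y1 - y0) / (x1 - x0) for (x0, y0), (x1, y1) in pairs)
    intercept = pts[0][1] - rate * pts[0][0]
    jumps = [(x0, x1) for (x0, y0), (x1, y1) in pairs
             if abs((y1 - y0) - rate * (x1 - x0)) > tolerance]
    return rate, intercept, jumps

# Constructed sample measurements (not real compiler output): 10 bytes per
# statement, 4 bytes of fixed overhead, and a hypothetical 400-byte addition.
COUNTS = (1, 2, 4, 8, 16, 32)
CLEAN = [(n, 4 + 10 * n) for n in COUNTS]
ALWAYS = [(n, 404 + 10 * n) for n in COUNTS]                          # added to every object
STEPPED = [(n, 4 + 10 * n + (400 if n >= 8 else 0)) for n in COUNTS]  # added above a size

if __name__ == "__main__":
    for name, data in (("clean", CLEAN), ("always", ALWAYS), ("stepped", STEPPED)):
        print(name, analyse(data))
    # To measure a real toolchain instead:
    # print(analyse([(n, text_size(n)) for n in COUNTS]))
```

With a real toolchain the text column of `size` also counts read-only sections, so the intercept is best compared with the figure from a compiler you trust.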