Vulnerability Development mailing list archives

Re: C versus other languages, round 538 or so (Re: CGI scripts in sh)


From: "Bluefish (P.Magnusson)" <11a () GMX NET>
Date: Sun, 1 Oct 2000 19:04:23 +0200

Yes, the login & compiler bug is well-known and is the classic example of a
backdoor :) You basically couldn't rid yourself of the bug any other way
than using a non-backdoored compiler (the compiler also backdoored the
compiler if it was being re-compiled ;)

..:::::::::::::::::::::::::::::::::::::::::::::::::..
     http://www.11a.nu || http://bluefish.11a.nu
    eleventh alliance development & security team

             http://www.eff.org/cafe

On Fri, 29 Sep 2000, Ben Galehouse wrote:

"Bluefish (P.Magnusson)" wrote:
[SNIP]
Additionally, many people trust binary-only compilers... If you are really
paranoid, that's not a good thing :)  (to be honest, I'm not that
paranoid)

I've seen stories, supposedly from the early days of unix, regarding a
particular c compiler.  It would compile files normally, unless it was
compiling login... or itself.


