
Re: Why I have a 512 bit PGP key




>A compiler can recognize one specific piece of code or a few 
>specific pieces of code and do something perverse.  It cannot 
>recognize functionally equivalent code, this
>being a high order artificial intelligence problem.
>
>Thus if someone used a perverted compiler to develop, debug, and
>enhance the target code, he would immediately discover the compiler
>was perverted.
>

If I were going to implement a compiler-based attack against a
piece of security software, I'd probably do it entirely by altering
the linker.  That is, I'd have the linker recognize that it was
emitting a program called "pgp" or "pem" or "cfs" or whatever and
have it put a wrapper around the final executable module that simply
records any I/O and sends it to me.  With shared libraries, building
such a wrapper would be especially easy; just have all I/O go to your
library instead of the standard one.

It's also not hard to imagine ways in which such an attack could
be extended to fool even customized versions of systems like tripwire
into always reporting fixed results when run on particular files.

-matt