Vulnerability Development mailing list archives
Re: C versus other languages, round 538 or so (Re: CGI scriptsin sh)
From: "Bluefish (P.Magnusson)" <11a () GMX NET>
Date: Sun, 1 Oct 2000 19:04:23 +0200
Yes, the login & compiler bug is wellknown and is the classic example of a backdoor :) You basicly couldn't rid yourself of the bug any other way than using a none-backdoored compiler (the compiler also backdoored the the compiler if it was being re-compiled ;) ..:::::::::::::::::::::::::::::::::::::::::::::::::.. http://www.11a.nu || http://bluefish.11a.nu eleventh alliance development & security team http://www.eff.org/cafe On Fri, 29 Sep 2000, Ben Galehouse wrote:
"Bluefish (P.Magnusson)" wrote: [SNIP]Additionally, many people trust binary-only compilers... If you are really paranoid, that's not a good thing :) (to be honest, I'm not that paranoid)I've seen stories, supposedly from the early days of unix, regarding a pariticular c compiler. In would compile files normally, unless it was compiling login... or itself.
Current thread:
- Re: C versus other languages, round 538 or so (Re: CGI scriptsin sh) Bluefish (P.Magnusson) (Oct 02)