Hacker News new | past | comments | ask | show | jobs | submit login

The idea is that a compiler is, loosely, a self-reproducing program and is therefore in a position to propagate malware in a very subtle way - by modifying the binary version of future versions of itself.

From a security perspective, this is different from a compromised (say) Debian mirror because it's not a question of, "does this binary match the source I downloaded from?" but, rather, "does this binary do the right thing when I use it to compile my system?"

Think of it this way: you and a friend both compile GCC. But the native code which results is not necessarily the same - it depends on details of your machine and your existing compiler tools. So there is no way to say what "the binary for GCC 4.4.x on i686" should look like, so you cannot tell if your friend modified his compiler's source code just before compiling it. This is (sort of) the problem the paper is solving.

I am not an expert, but I hope this is clearer.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: