Trusting the Tools - was Re: Open Source ...
kent at songbird.com
kent at songbird.com
Sun Oct 12 18:48:04 EDT 2003
On Sun, Oct 12, 2003 at 08:25:21AM -0600, Anne & Lynn Wheeler wrote:
>
> It wouldn't have been impossible ... but quite unlikely. It is somewhat
> easier in C-based programs since there are additional levels of indirection
> and obfuscations between the statements in a C program and the
> generated machine code.
Hmm. While I agree with your assessment of likelihood, I think you
understate the seriousness of the issue in both the C case and the
assembler case -- they are not really that different. It's not just a
matter of indirection and obfuscation -- there can be large blocks of
code generated for which there is no external visibility whatsoever (ie,
the map files and other traces of generated code can simply not show the
hidden code. This is true both for C and assembler. The only way you
can really tell is if you capture *all* of the live memory of the
computer, and disassemble it with a verified disassembler.
(eg, what shows as bss 0 in the assembler listing is really code; what shows
as one set of instructions in the listing is in reality different.)
Kent
--
Kent Crispin "Be good, and you will be
crispin at icann.org,kent at songbird.com lonesome."
p: +1 310 823 9358 f: +1 310 823 8649 -- Mark Twain
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list