All of lore.kernel.org
 help / color / mirror / Atom feed
From: Lukasz Luzar <lluzar@tigeraudits.com>
To: "Carsten P. Gehrke" <Carsten@rollinghorse.com>
Cc: selinux@tycho.nsa.gov
Subject: Re: Linuxfromscratch.org
Date: Wed, 23 Jul 2003 22:26:42 +0200 (CEST)	[thread overview]
Message-ID: <Pine.LNX.4.44.0307232139200.9324-100000@chaos.tigeraudits.com> (raw)
In-Reply-To: <5.1.1.6.2.20030723080629.0a198680@Shire>

Hello,

> Is this true of the GNU C compiler suite as well?  And if so, would it not 
> be possible to remove it from the compiler?  How does it work?  Does it 
> look at the code, or is anything called login.c susceptible?  Why has this 
> not been removed in the open-source code?  How can I check to see if this 
> backdoor exists?

I suppose there's a "simple" way to avoid backdoors in gcc-like compilers ;-)

Assuming the BIOS is not backdoored, the simplified steps are:

1). Perform a security audit of a simplest public-available C compiler [1]
    written in ANSI C
2). Convert the C compiler's _source_code_ (written in ANSI C) 
    into x86 assembler _source_code_ by yourself, replacing all 
    OS-depended interrupts etc.
3). Write a simplest (low-efficient, but trusted) assembler compiler 
    (~a x86 assembler source code converter into x86 machine-code ;-) 
    preferably targeted on a less popular processor (even a 8051...)
4). Compile the audited C compiler, converted into x86 assembler source code, 
    by using the above tool, so the final trusted compiler to be OS-independent
    and floopy-bootable and has a simple built-in shell etc. ;-)
5). Do some tricks to copy the trusted C compiler on a floppy and make it 
    bootable
6). Launch the trusted & independent compiler from the bootable floppy
7). Compile the compiler [1], a shell, libs and all tools needed to compile  
    Linux kernel by using your own trusted compiler booted from the floppy
8). Compile a simplest Linux kernel using these tools
9). Put the kernel on a prepared bootable partition
10). Copy the compiled tools on the partition
11). Boot the Linux from this partition
12). Recompile all required packages needed for your distribution 
     according to LFS documentation.

Cheers,

-- 
Lukasz Luzar
http://Developers.of.PL/
Crede quod habes, et habes

[[ http://galeria.luzar.pl/ ]]

/* paran01a 1s a v1rtu3 */






--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

  parent reply	other threads:[~2003-07-23 20:21 UTC|newest]

Thread overview: 24+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2003-07-22  1:42 Linuxfromscratch.org Charlie Watts
2003-07-22 20:06 ` Linuxfromscratch.org Russell Coker
2003-07-22 20:49   ` Linuxfromscratch.org Dean Anderson
2003-07-23 15:09     ` Linuxfromscratch.org Carsten P. Gehrke
2003-07-23 15:44       ` Linuxfromscratch.org Russell Coker
2003-07-23 20:01         ` Linuxfromscratch.org Dale Amon
2003-07-23 21:24         ` Linuxfromscratch.org Dean Anderson
2003-07-23 19:34       ` Linuxfromscratch.org karlm
2003-07-23 22:08         ` Linuxfromscratch.org Dean Anderson
2003-07-24 14:06           ` Linuxfromscratch.org Dale Amon
2003-07-24 14:16           ` Linuxfromscratch.org Dale Amon
2003-07-24 14:18             ` Linuxfromscratch.org Dale Amon
2003-07-24 17:40         ` Linuxfromscratch.org Colin Walters
2003-07-24 18:52           ` Linuxfromscratch.org Dean Anderson
2003-07-27 15:28             ` Linuxfromscratch.org Tom
2003-07-27 20:13               ` Linuxfromscratch.org Colin Walters
2003-07-28 17:17                 ` Linuxfromscratch.org Tom
2003-07-24 19:42           ` Linuxfromscratch.org Russell Coker
2003-07-27 15:19         ` Linuxfromscratch.org Tom
2003-07-23 20:26       ` Lukasz Luzar [this message]
2003-07-24  0:29         ` Linuxfromscratch.org Dale Amon
2003-07-24  6:39           ` Linuxfromscratch.org Brian May
2003-07-24 12:32             ` Linuxfromscratch.org Dale Amon
2003-07-23  1:17   ` Linuxfromscratch.org Carsten P. Gehrke

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=Pine.LNX.4.44.0307232139200.9324-100000@chaos.tigeraudits.com \
    --to=lluzar@tigeraudits.com \
    --cc=Carsten@rollinghorse.com \
    --cc=selinux@tycho.nsa.gov \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.