Can I trust downloading Python?

Anthony Papillion papillion at gmail.com
Mon Sep 9 07:02:18 EDT 2013


On 09/09/2013 04:41 AM, Steven D'Aprano wrote:
> On Mon, 09 Sep 2013 02:39:09 +1000, Chris Angelico wrote:
> 
>> On Mon, Sep 9, 2013 at 2:08 AM, Charles Hottel <chottel at earthlink.net>
>> wrote:
>>> I think this article is relevant although the code examples are not
>>> Python but C:
>>>
>>> http://cm.bell-labs.com/who/ken/trust.html
>>
>> That is quite true, and yet not truly helpful here :) It's like pointing
>> out that we could be being fed false information, and then suggesting
>> that The Matrix is technically possible. Once you start distrusting to
>> that level, you become paranoid to a point that's inappropriate to all
>> but the most critical situations. I'd accept and maybe even recommend
>> that sort of paranoia if you're running a nuclear power station, or an
>> automated weapon system capable of firing missiles that destroy the
>> planet, or a bank that holds everyone's money. For the average Joe,
>> there's no point panicking.
>>
>> Also: That hack works beautifully when there's precisely one C compiler.
>> In today's world, there are many (well known ones like gcc, clang, MS
>> Visual Studio (whatever the compiler from that is called), and a bunch
>> of lesser-known ones as well), and it's pretty easy to just grab a
>> different compiler and build. The chances that your code will be falsely
>> compiled by TWO compilers would have to be infinitesimal, and you
>> needn't stop at two. 
> 
> That logic is dubious. Compilers aren't compromised by chance, and we 
> don't know the a priori probability of any specific compiler being 
> compromised. That depends on the attacker, surely? We know, for example, 
> that the NSA has compromised multiple brands of router, smart phone and 
> similar. If they, or some other similar organisation with equivalent 
> capabilities, were going to attack compilers in the same manner, they 
> surely wouldn't stop at one.

But (and this is stepping into *really* paranoid territory here. But
maybe not beyond the realm of possibility) it would not be so hard to
compromise compilers at the chip level. If the NSA were to strike an
agreement with, say, Intel so that every time a compiler ran on the
system, secret code was discreetly inserted into the binary, it would be
nearly impossible to detect and a very elegant solution to a tough problem.



