With XP SP1’s release to manufacturing (RTM), the company will finally provide its first comprehensive set of bug and security fixes to the fastest-selling Windows version ever. This can then be trusted to bootstrap the toolchain and OS of your choice.ĭelivering on its promise to release Windows XP Service Pack 1 (SP1) in the coming days, Microsoft announced late Friday that it will issue the critical upgrade to its latest desktop OS on September 9. The answer is to have a clean room environment – both tool chain and operating system – that the user has created and knows is free of compromises. No amount of source-level verification or scrutiny will protect you from using untrusted code,” he pointed out. “You can’t trust code that you did not totally create yourself. His compromised compiler could be used to replace the standard UNIX compiler, and the intruder could then remove the traces from the compiler source code, knowing that any program generated by the compiler would harbor the Trojan. Thompson set about producing a program which produced as output an exact copy of its source, in other words a program that will create a self-reproducing program. In 1984 the co-author of Unix Ken Thompson gave a theoretical example of how even an open toolchain could be compromised He described what he called the “cutetst program I ever wrote” in a paper subsequently known as Reflections on Trusting Trust.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |