Linux virus (was RE: [plug] Windows Briefing)

Greg Mildenhall greg at networx.net.au
Sun Jun 13 11:39:06 WST 1999


On Sun, 13 Jun 1999, Christian wrote:
> Greg Mildenhall wrote:
> > On Wed, 3 Jan 1996, Trevor Phillips wrote:
> > > Matt Kemner wrote:
> > > > Sure it is possible for someone to write a Linux virus, and it can destroy
> > > Oh? How often do we run things as root?? How do we know a "configure" or
> > > "install" script we run doesn't tweak something in the system if run as
> > > root?
> > Because the source code is available.
> To be irritatingly pedantic, having the source code doesn't actually
> give you any sort of true verification of what the software does.  Ken
> Thompsons paper "Reflections on Trusting Trust" explains why.

You are so very right. OK guys, we're all gonna have to write our own
compilers from now on. It's heaps'o'fun, trust me. But what will we use to
compile it? Obviously to be secure we will have to write it in machine
code, (can't trust the assembler, either) and because we don't trust any
of our editors, we shall have to install it onto a floppy with a magnet.
Obviously we can't read the disk with software someone else wrote, so it
will have to be a bootable disk with our own OS/compiler combination.
Writing OS's is fun, too, so I'm told. Unfortunately, where this all
breaks down is the BIOS code. Can you really trust your BIOS?

If none of this makes sense to you, don't you think you should read the
Thompson paper?

-Greg



More information about the plug mailing list