[Matroska-devel] Is GCC safe ?

Steve Lhomme steve.lhomme at free.fr
Thu Aug 14 15:11:57 CEST 2003


> Hey Steve,

Yo

> On Thu, 2003-08-14 at 14:01, Steve Lhomme wrote:
> > http://news.zdnet.co.uk/internet/security/0,39020375,39115701,00.htm
> > The GNU servers have been compromised for 4 months...
>
> Depends. Most people use linux distributions (redhat, suse), and these
> companies triple check such hashes. So for 99,999% of the people
> (including most of us), there's probably no issue. For the people who do
> everything themselves (LFS people), there might be issues. That's their
> problem. ;).
>
> And even if GCC wasn't safe, what would it do? Make it crash my
> computers (didn't notice a thing)? Create binaries that "rm -fr /" daily
> (didn't notice any such thing until now, and even if it did - it doesn't
> have root permission...)? Create malicious binaries so that they can
> take over the world (yeah, right...)?

There's no big deal right now. But that proves that even open source code
may contain some backdoors. The Linux kernel is so big (and other projects)
and complex that it's simply impossible to check every line of code for what
it really does.

BTW I think some months ago a backdoor was found on a GCC release and they
promptly removed it. (the download location had been corrupted).

Just to make sure everyone is concerned about security at every stages :)




More information about the Matroska-devel mailing list