Full Disclosure: Re: OpenBSD has Open Backdoored Software Distribution

Re: OpenBSD has Open Backdoored Software Distribution - admitted by Theo

From: Graham Gower <graham.gower () gmail com>
Date: Thu, 23 Dec 2010 16:23:01 +1030

On 23 December 2010 13:54, The Sp3ctacle <sp3ctacle () gmail com> wrote:

It shouldn't be that hard to bindiff the code compiled with with the
shipped compiler with the code from a compiler that predates the
latest backdoor shenanigans.  You could decompile the binary code and
then ask a cryptographer to audit.


Even getting the code to build with a 10+ year old gcc would be a
massive undertaking. And if you did that, I daresay the bindiff would
be meaningless - 10 years of code generation improvements, not to
mention OpenBSD moved from a.out to elf somewhere in there.

-Graham

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

OpenBSD has Open Backdoored Software Distribution - admitted by Theo Dave Nett (Dec 22)
- Re: OpenBSD has Open Backdoored Software Distribution - admitted by Theo Dan Kaminsky (Dec 23)
  - Re: OpenBSD has Open Backdoored Software Distribution - admitted by Theo mrx (Dec 23)
    - Re: OpenBSD has Open Backdoored Software Distribution - admitted by Theo Valdis . Kletnieks (Dec 23)
    - Re: OpenBSD has Open Backdoored Software Distribution - admitted by Theo Paul Schmehl (Dec 23)
    - Re: OpenBSD has Open Backdoored Software Distribution - admitted by Theo The Sp3ctacle (Dec 23)
    - Re: OpenBSD has Open Backdoored Software Distribution - admitted by Theo Graham Gower (Dec 23)
    - Re: OpenBSD has Open Backdoored Software Distribution - admitted by Theo Carlos Alberto Lopez Perez (Dec 23)
- Re: OpenBSD has Open Backdoored Software Distribution - admitted by Theo Paul Schmehl (Dec 23)