zlacker

[parent] [thread] 2 comments
1. yjftsj+(OP)[view] [source] 2021-04-07 15:54:37
> Simple but not 100% foolproof, you can mutate your source code and verify the changes propagate.

If I was evil, I wouldn't have a totally separate source tree and binary that I shipped; I'd have my CI process inject a patch file. As a result, everything would work as expected - including getting any changes from the public source code - but the created binaries would be backdoored.

replies(2): >>pluies+x5 >>tlarkw+Lc
2. pluies+x5[view] [source] 2021-04-07 16:18:21
>>yjftsj+(OP)
https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_Ref... :)
3. tlarkw+Lc[view] [source] 2021-04-07 16:51:25
>>yjftsj+(OP)
Yeah I can fix this with work but just getting some users would be helpful first
[go to top]