id: www-schneier-com-2705
author:
title: Countering "Trusting Trust" - Schneier on Security
date:
pages:
extension: .html
mime: text/html
words: 11647
sentences: 896
flesch: 75
summary: Ken Thompson described it in his classic 1984 speech, "Reflections on Trusting Trust." Basically, an attacker changes a compiler binary to produce malicious versions of some programs, INCLUDING ITSELF. The problem is that GCC's engineers probably don't think like Intel's engineers and the compilers will produce different binaries anyway. Now, even though you use as many compilers as you like from whatever sources or wherever systems, if you run them on the compromised system and the linker (which the compiler binaries then run on the compromised system) always adds the attack code at the same place (say at the beginning with the startup) this check proposed would be useless. The trusted source can't do that, because it isn't a known non-malicious version of the compiler under test: it's a completely different program. The trick is to recompile the source of the compiler under test with the binary which was itself produced by the trusted compiler.
cache: ./cache/www-schneier-com-2705.html
txt: ./txt/www-schneier-com-2705.txt