this post was submitted on 16 Jan 2026
25 points (87.9% liked)
Technology
Checksum compared to what though? Like you have to compile the code first, and if your compiler is compromised then all the code it outputs is also consistently compromised. Checksum isn't going to help you here. Literally the only way around this is to build a compiler from scratch in assembly, then use that to compile your code.
Compile the compiler? I presume there is some version that isn't compromised? Or go all the way back to some bootstrapped C compiler?
Like I said, the only way you could really trust it is if you're not using a compiler to make it. You have to write a compiler directly in assembly and then use that to compile everything else.
What I'm saying is there is no need to write a whole new compiler in assembly, check out the bootstrapping article I linked.
Or, if there is some uncompromised older compiler version A, and a compromised version B built with A, then the source code for B can be fed to A to create a clean version. As in it might be hard to try to poison the supply chain now, if they haven't already. We can't be sure it isn't already poisoned, but if it actually isn't it's possible to catch such an attack.
The key problem is knowing whether something is compromised or not though, that's why you can't use an existing compiler if you want to be sure. Meanwhile, bootstrapping involves building a minimal core in assembly and then progressively compiling the compiler using itself. That's basically how you build a whole new compiler starting with assembly.
Thanks for the explanation. I don't like this. Lmao.
Haha yeah it's not great. Now that I thought about it some more, I wonder if you could use decompiling to verify that the compiler is doing what it says it does. If you compile a minimal program, and then decompile the assembly, you could see if there are any instructions that shouldn't be there. It wouldn't be trivial, but seems like it is a possible way to check that the compiler isn't injecting something weird.
The compiler can introduce vulnerabilities only on some specific instructions, although it makes it difficult to propagate it further to new compilers.
Good point, verifying a disassembled binary wouldn't exhaustively prove the compiler is safe.
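The check discussed in this thread (feed B's source to an older compiler A, then compare) is known as diverse double-compiling. The following toy model is an added example, not code from any comment: the source strings, the `Binary` record and the `compile_with` model are constructed assumptions standing in for real source trees and real compiler output.

```python
import hashlib
from typing import NamedTuple

def digest(text: str) -> str:
    return hashlib.sha256(text.encode()).hexdigest()[:12]

# Constructed stand-ins for real source trees (assumptions of this model).
COMPILER_SRC = "source of compiler B, audited and clean"
OLD_COMPILER_SRC = "source of older compiler A"
LOGIN_SRC = "source of a login program"

class Binary(NamedTuple):
    program: str    # digest of the source this binary was built from
    codegen: str    # digest of the source of the compiler that emitted it
    implant: str    # hidden extra behaviour, "" when there is none

def compile_with(cc: Binary, source: str) -> Binary:
    """Run compiler binary `cc` on `source` in the toy model."""
    implant = ""
    if cc.implant == "self-propagating":
        if source == COMPILER_SRC:
            implant = "self-propagating"    # re-inserts itself into new compilers
        elif source == LOGIN_SRC:
            implant = "backdoor"
    # Output bytes depend on the code generator that ran, i.e. on cc's own source.
    return Binary(digest(source), cc.program, implant)

def self_rebuild_matches(suspect: Binary) -> bool:
    """Naive check: rebuild the compiler with itself and compare checksums."""
    return compile_with(suspect, COMPILER_SRC) == suspect

def ddc_matches(trusted: Binary, suspect: Binary) -> bool:
    """Build B's source with A, rebuild with the result, compare to B."""
    stage1 = compile_with(trusted, COMPILER_SRC)   # A's codegen, B's behaviour
    stage2 = compile_with(stage1, COMPILER_SRC)    # B's codegen, B's behaviour
    return stage2 == suspect

TRUSTED_A = Binary(digest(OLD_COMPILER_SRC), "hand-assembled", "")
CLEAN_B = Binary(digest(COMPILER_SRC), digest(COMPILER_SRC), "")
POISONED_B = CLEAN_B._replace(implant="self-propagating")

if __name__ == "__main__":
    for name, b in (("clean B", CLEAN_B), ("poisoned B", POISONED_B)):
        print(name, "self-rebuild:", self_rebuild_matches(b),
              "DDC:", ddc_matches(TRUSTED_A, b))
```

In the model the self-rebuild checksum matches for both the clean and the poisoned B, while the two-stage build through A matches only the clean one. With real compilers the comparison is bit-for-bit, so it needs deterministic builds, and it only shows that B is no worse than A.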