undefined | Better HN

0 pointskazinator7y ago0 comments

They got clean source for the compiler from the AT&T person. However, they neglected to get a clean binary for the compiler.

They compiled the clean source using the existing, malicious compiler installation. That compiler had a counter-measure against being recompiled from clean sources; it recognized that situation and perpetrated itself.

(A clean compiler binary might not help; suppose the trick involves other binaries, like the C library. They didn't have the kernel source so it was fairly reasonable to regard the kernel as clean.)

0 comments

mark-r7y ago

Binary patching the kernel wouldn't be hard if you had root access to change the files. It's an old trick - jump from the legit code to new code you appended, then jump back when done.

kazinatorOP7y ago

(You're right of course; what PC and Mac viruses have ever depended on kernel/bootloader source code?)

j / k navigate · click thread line to collapse