
One of my college professors joked about/discussed a potential attack where someone sneaks a change into the Linux kernel or distributes a binary that's different from the open source code, and I remember the class dismissing it as if it was a joke. Turns out it wasn't as much of a joke as it seemed at the time.


Put it into the compiler so it re-inserts itself when it sees that the compiler is being recompiled...

Reflections on Trusting Trust: https://dl.acm.org/doi/pdf/10.1145/358198.358210


Bootstrappable Builds solves the compiler backdoor problem; start with only 512 of machine code and lots of source code, then build a whole distro.

https://bootstrappable.org/


You may be interested in reading about the Linux incident[1] perpetrated by some University of Minnesota researchers[2].

Previous discussion: https://news.ycombinator.com/item?id=26887670

[1] https://lkml.org/lkml/2021/4/21/454

[2] https://cse.umn.edu/cs/linux-incident


Reproducible Builds solves the "binary different from the source" problem:

https://reproducible-builds.org/


In 2011, root access to kernel.org was with rogue hackers: https://www.securityweek.com/linux-source-code-repository-ke...



