× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



On Wed, 11 Dec 2002, Buck Calabro wrote:

> We still haven't found a machine-enforced guaranteed chain of evidence that
> THIS source is in THAT object, although manual signatures in binder source
> help with service programs.  Although that can be forged easily enough.
> Matching the source change date/times AND the *SRVPGM signatures AND the
> file signatures provides a degree of security that the executable is pretty
> much what you think it is, always presuming that you have a reference object
> to compare against.

I think about the best you can do is keep an MD5 checksum of all your
objects.  Many folks in the open source world use this to gaurantee
that a given binary did indeed come from the right source.  This is how
things like tripwire detect intruders/trojans.

Of course you also have to trust that your compiler doesn't produce trojan
code.  Without the source to the compiler you will never know for sure.
Unless you are actually flipping the bits yourself on the machine you have
to trust somebody somewhere.  I think there really was a case where some
compiler produced trojaned code.  It even could detect if it was compiling
itself and insert the trojan into the new version of the compiler.

James Rich



As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.