That is so neat! I never did read the paper itself on trusting trust or whatever it was called, so I always thought this was mainly a theoretical kind of thing. Didn't know that the man actually made a real-life proof-of-concept for that exploit!
it is very real indeed. I've heard tale of this kind of thing being used in the wild one time, and there must be use of this kind of exploit in the wild that has not been detected.
read the paper, it will scare you at least a little if you understand what it lays out.
we really do rely on the hope that our compilers are pure, and we have very few tools to detect a bad compiler if our tools are also compiled with a malicious compiler. even if we compile the compiler from source, we can't know, because the compiler itself could be "in on it."
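As an added example (not code from this thread, and not anyone's real compiler), here is a toy model of the situation described above: a compiler binary that re-inserts its own backdoor whenever it compiles compiler source, so rebuilding from clean source does not help, beside one defensive check against it, Diverse Double-Compiling (DDC), David A. Wheeler's technique, which the thread does not name. Compilers are modelled as pure functions from source text to a short SHA-256 digest standing in for a binary; the source strings are constructed samples, and deterministic (reproducible) compilation is assumed, since DDC needs it.

```python
"""Toy model of a self-propagating compiler backdoor and of the
Diverse Double-Compiling (DDC) check that detects it.

Added example, not code from the thread. A 'binary' is a short hash of
the build that produced it, so two binaries compare equal only when
their whole build history matches. All source strings are constructed."""
import hashlib

COMPILER_SRC = "compiler v1 source (constructed sample)"
LOGIN_SRC = "login program source (constructed sample)"


def digest(text: str) -> str:
    """Stand-in for a compiled binary: a short hash of what produced it."""
    return hashlib.sha256(text.encode()).hexdigest()[:16]


class Compiler:
    """A compiler binary. `identity` is the digest of the build that made it;
    `trojaned` models a Thompson-style self-propagating backdoor."""

    def __init__(self, identity: str, trojaned: bool = False):
        self.identity = identity
        self.trojaned = trojaned

    def compile(self, source: str):
        # Honest, deterministic translation: output depends only on the source,
        # so any correct compiler yields the same binary (the DDC assumption).
        clean = digest("clean:" + source)
        if source == COMPILER_SRC:
            if self.trojaned:
                # The backdoor recognises the compiler's own source and emits a
                # trojaned compiler even though that source is perfectly clean.
                return Compiler(digest("trojan:" + clean), trojaned=True)
            return Compiler(clean)
        if self.trojaned and source == LOGIN_SRC:
            return digest("backdoored:" + clean)  # the planted login backdoor
        return clean


def backdoor_survives_rebuild(compiler: Compiler) -> bool:
    """Rebuilding the compiler from clean source *with itself* does not help:
    True when the rebuilt compiler still backdoors the login program."""
    rebuilt = compiler.compile(COMPILER_SRC)
    return rebuilt.compile(LOGIN_SRC) != digest("clean:" + LOGIN_SRC)


def ddc_check(trusted: Compiler, suspect: Compiler, compiler_src: str):
    """Diverse Double-Compiling: build the compiler source with an independent
    trusted compiler (stage 1), rebuild the source with that result (stage 2),
    and compare stage 2 with the suspect binary's own self-build. A mismatch
    means the suspect binary does not faithfully implement its source.
    Returns (passed, stage2_identity, self_build_identity)."""
    stage1 = trusted.compile(compiler_src)
    stage2 = stage1.compile(compiler_src)
    self_build = suspect.compile(compiler_src)
    return stage2.identity == self_build.identity, stage2.identity, self_build.identity


def demo() -> dict:
    # Hypothetical binaries: an audited bootstrap root and two vendor builds.
    trusted = Compiler("hand-audited bootstrap chain")
    honest = Compiler("vendor binary, honest")
    trojaned = Compiler("vendor binary, trojaned", trojaned=True)
    return {
        "honest_passes_ddc": ddc_check(trusted, honest, COMPILER_SRC)[0],
        "trojaned_passes_ddc": ddc_check(trusted, trojaned, COMPILER_SRC)[0],
        "trojan_survives_self_rebuild": backdoor_survives_rebuild(trojaned),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The point of the model is the last two results: self-rebuilding from clean source leaves the backdoor in place, while DDC catches it because stage 2 was derived from an independent trusted root rather than from the suspect binary. In practice that trusted root is exactly what a bootstrap chain down to hand-auditable machine code provides, and the check is only as strong as the assumptions that the two compilers are independent and that compilation is reproducible.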
> we really do rely on the hope that our compilers are pure
Jeremiah Orians hacked his way through the whole supply chain up to raw machine code to get a provably clean, up-to-date GCC for Linux on amd64¹, solving the bootstrapping problem in a complete way. He and some Guix people have also then worked to integrate this into GNU Guix (a cross-distro package manager) and GuixSD (a GNU operating system based on that package manager), so it's actually not too hard to make practical use of that work, either!
Imo, this is an incredible achievement that deserves much wider recognition. It must have taken a very principled, curious, obsessive, stubborn personality to even seriously take up this work. Pretty damn cool that it even happened.
I forgot the guy's name and fucked up by only looking at some of the most recent commits. Another hacker to highlight, and the one whose lectures taught me about these efforts when I found them on YouTube, is Jan Nieuwenhuizen, who goes by janneke online.
He's the author of GNU MES (Maxwell's Equations of Software), the Scheme interpreter used in this bootstrap effort, and IIRC he's worked on many parts of this whole thing.
As a bit of an apology as well as a followup, here's some talks he gave a few years ago about this whole bootstrap story!
Under certain assumptions. This method relies on making its assumptions expensive to violate. Which is good enough in practice...
...unless you're dealing with an attacker with vastly more resources than you, and a will to spend it. It's always worth keeping in mind that the way magic tricks work is usually because the performer invested much more time and effort in preparation and practice than anyone in the audience would consider reasonable.
When I learned about it, our professor told us it was an "if I did it..." type of scenario. Very cool to see from the mailing list that it was more than a hypothetical.