Logen Kain on Nostr:
You really can't.
An old example:
A C compiler compiles its own code.
The compiler can compile itself.
So the compiler compiled a version of itself with nefarious code.
This new version of the compiler compiles new code for the next version of the compiler. Code that doesn't have the actual hacked code in it, but does call it.
You now have clean source code that's open. But a corrupted compiler.
This kind of attack is crazy hard to uncover.
So the only real way to be fully convinced it's safe is to see the code before any compiled software is involved. Cuz any compiled software could be corrupted to inject things during compilation of otherwise clean source.
So yea, it's a big problem. And that's not even getting into all the code at the hardware level that could be doing things.
Published at 2024-07-26 16:17:33
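A toy model of the attack the post describes, added here as an illustration and not part of the original post: both published sources stay clean while the corrupted compiler binary reproduces itself on every rebuild. It goes one step beyond the post by comparing the suspect binary with a rebuild started from a second compiler. All names, the sample sources, the marker and the independent trusted compiler are constructed assumptions.

```python
# Toy model (constructed): a "binary" is Python text; running a compiler
# binary means exec'ing it and calling its cc(source) function.
CLEAN_CC_SRC = 'def cc(src):\n    return src  # faithful translation\n'
LOGIN_SRC = 'def check(pw):\n    return pw == "s3cret"\n'  # sample program
MARK = "# INJECTED"  # harmless stand-in for the nefarious code

# Corrupted compiler binary. Its source is never published; it exists only
# as an executable that recognises two kinds of input.
TEMPLATE = ('ME = {me!r}\n'
            'def cc(src):\n'
            '    if src.startswith("def cc("):     # compiling a compiler:\n'
            '        return ME.format(me=ME)       # emit myself instead\n'
            '    if src.startswith("def check("):  # compiling the target:\n'
            '        return src + "# INJECTED\\n"   # append the marker\n'
            '    return src\n')
CORRUPT_CC_BIN = TEMPLATE.format(me=TEMPLATE)

# Hypothetical second compiler from an unrelated, trusted lineage.
TRUSTED_CC_BIN = 'def cc(src):\n    return "".join(list(src))\n'


def run(cc_bin, src):
    """Execute a compiler binary on a source file; return the output binary."""
    env = {}
    exec(cc_bin, env)
    return env["cc"](src)


def rebuild(cc_bin, generations):
    """Rebuild the compiler from CLEAN source, each time with the last binary."""
    for _ in range(generations):
        cc_bin = run(cc_bin, CLEAN_CC_SRC)
    return cc_bin


def matches_trusted_rebuild(suspect_bin):
    """Build the clean source with the trusted compiler, then with the result,
    and compare byte for byte against the suspect binary."""
    stage1 = run(TRUSTED_CC_BIN, CLEAN_CC_SRC)
    stage2 = run(stage1, CLEAN_CC_SRC)
    return stage2 == suspect_bin


if __name__ == "__main__":
    cc3 = rebuild(CORRUPT_CC_BIN, 3)
    print("marker in any source:", MARK in CLEAN_CC_SRC + LOGIN_SRC)
    print("marker in built login:", MARK in run(cc3, LOGIN_SRC))
    print("suspect matches trusted rebuild:", matches_trusted_rebuild(cc3))
```

The comparison only works when builds are deterministic and the second compiler does not carry the same corruption.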