| 1 |
With you having to compile thousands of stuffs if you build from stage 1, I |
| 2 |
doubt that you will be able to verify every single thing you compile and |
| 3 |
detect if something is actually doing sneaky stuff AND still have the time |
| 4 |
to enjoy your system. Also, even if you build from stage 1 and manage to |
| 5 |
verify all the source code, you still need to download a precompiled |
| 6 |
compiler which could possibly inject the malicious code into the programs |
| 7 |
it compiles, and which can also inject itself if you try to compile another |
| 8 |
compiler from source. If there is a single software that is worth a gold |
| 9 |
mine to inject with malware to gain illicit access to all Linux system, |
| 10 |
then it would be gcc. Once you infect a compiler, you're invincible. |
| 11 |
|
| 12 |
Also, did you apply the same level of scrutiny to your hardware? |
| 13 |
|
| 14 |
For the truly paranoid, I recommend unplugging. |
Archives