Ken Thompson is on the left. That's not Adam Savage on the right.
"The moral is obvious. You can't trust code that you did not totally create yourself. (Especially code from companies that employ people like me.) No amount of source-level verification or scrutiny will protect you from using untrusted code. In demonstrating the possibility of this kind of attack, I picked on the C compiler. I could have picked on any program-handling program such as an assembler, a loader, or even hardware microcode. As the level of program gets lower, these bugs will be harder and harder to detect. A well installed microcode bug will be almost impossible to detect."
Ken was referring to the trojan modifications he embedded into the C compiler, illustrating that you rely on more than source code: the compiler, the assembler, the loader, all the way down to the instruction sets of the CPUs. Or as Schneier famously pitched: "security is a chain; only as strong as its weakest link".
Who operates on a completely self-built system from software to hardware? We would venture to say: nary a soul.
Just a good reminder for a random Thursday, in case you forgot.