Reflections on Trusting Trust for Go - GopherConSG 2018

Published on: Saturday, 5 May 2018

Speaker: Yeo Kheng Meng

Most of us take our compilers for granted. In goes our code, out comes our binary that is supposed to behave the way we expect it to. In my talk, I’ll attempt to do a proof of concept demonstration to show how can one build virtually undetectable malicious compiler.

UPDATE:

Note that I accidentally missed out explaining the section on the ultimate compiler where it can hack the SHA256 program at around 13:40

The code for the ultimate compiler can be found here: https://github.com/yeokm1/reflections-on-trusting-trust-go/blob/master/codes/stage4/compiler-hack-ultimate.go

Slides: https://www.slideshare.net/yeokm1/reflections-on-trusting-trust-for-go
Code: https://github.com/yeokm1/reflections-on-trusting-trust-go

Produced by Engineers.SG