[Mono-list] Re: Bootstrapping

Thong (Tum) Nguyen tum@veridicus.com
Fri, 9 Jul 2004 15:49:53 +1200


> -----Original Message-----
> From: mono-list-admin@lists.ximian.com [mailto:mono-list-
> admin@lists.ximian.com] On Behalf Of Paolo Molaro
> Sent: Friday, 9 July 2004 02:05
> To: mono-list@lists.ximian.com
> Subject: Re: [Mono-list] Re: Bootstrapping
> 
> On 07/08/04 Jonathan Pryor wrote:
> > Besides, between the Mono and PNET projects we've effectively done the
> > dual compiler scenario.  For a full "from source" bootstrap you'd just
> > need to get PNET's compiler to be able to process the Mono class
> > libraries.  This may already be possible, but I haven't tried it.
> 
> There is no full "from source" bootstrap, since you have to start
> trusting something somewhere (are you sure your video card shows you the
> correct stuff? Is the firmware in your hard-drive trustworthy?).
> Originally mcs and corlib where compiled with csc on windows, so
> paranoid people suppose MS could have injected a trojan. Assuming pnet's
> compiler could compile mcs and corlib correctly, would that give any
> more guarantees? Nope, since thay had to use the MS compiler to build
> their own corlib for much longer than us, the window of opportunity for
> the evil MS to inject a trojan on their system was much bigger, so there
> is no additional guarantee and people are deluding themselves if they
> think there is. An attack on the original mcs binary would have been
> very sophitsticated, still someone thinks it would be possible to detect
> such an attack by ignoring an equivalently-sophisticated attack.
> 

Quite incorrect.  Building pnet's corlib doesn't require an existing corlib
because PNET's compiler (like MS's compiler) is written in C.  Even if pnet
used a trojan compiler to compile corlib at one point or another, any
subsequent recompilation with cscc would overwrite the trojan.

Regards,

^Tum