IRC channel logs

2024-04-22.log

<ekaitz> https://infosec.exchange/@harrysintonen/112316330302040506
<stikonas>ekaitz: it's probably not easy to widely deploy though, you need to somehow get everybody to use that binary
<stikonas>something like our tcc bug might be more obscure...
<ekaitz>yeah but it's cool to see people talk about our problems
<stikonas>yeah, it raises awareness
<matrix_bridge><cosinusoidally> tcc bug? You could hide so much malicious stuff in tcc as the code is incomprehensible. If Fabrice Bellard had backdoored the original tcc would anyone know? It also doesn't help that anyone on the internet can push to the main dev branch (mob).
<matrix_bridge><Andrius Štikonas> cosinusoidally: well, on backported risc-v tcc (note that not upstream) ekaitz and I hit a bug that corrupted all subsequent builds
<matrix_bridge><Andrius Štikonas> and all subsequent tcc builds were miscompiling the code (missing some shifts)
<matrix_bridge><Andrius Štikonas> even if the ones built starting from gcc worked
<ekaitz>also the maintainer introduces huge commits with almost no description
<ekaitz>and doesn't make releases
<ekaitz>it's a lot of fun
<matrix_bridge><cosinusoidally> Ah fair enough. Was the buggy version of tcc able to build itself?
<ekaitz>yes it was
<matrix_bridge><Andrius Štikonas> yes, it was able to build itself
<matrix_bridge><Andrius Štikonas> and even newer upstream tcc
<ekaitz>and it was able to build many programs
<matrix_bridge><Andrius Štikonas> and they were working alright
<ekaitz>the error appeared in the programs built by the upstream tcc compiled with this one
<matrix_bridge><Andrius Štikonas> (and rebuilding upstream tcc with itself didn't remove the bug)
<ekaitz>but our tcc didn't show the same problem
<ekaitz>hehe
<matrix_bridge><cosinusoidally> That must have been a pain to debug. gcov might have helped to track it down.
<ekaitz>we don't talk enough about how cool is what we are doing
<matrix_bridge><Andrius Štikonas> we didn't use gcov...
<matrix_bridge><Andrius Štikonas> but yes, it was pain to debug
<matrix_bridge><Andrius Štikonas> and ekaitz did nice job workarounding the problem
<matrix_bridge><Andrius Štikonas> but backporting newer version of the function
<ekaitz>i could write it again
<ekaitz>i know what the error is
<ekaitz>but i don't want to thing
<ekaitz>think*
<ekaitz>there are many things to solve in that very function
<ekaitz>basically casts didn't work properly
<matrix_bridge><Andrius Štikonas> anyway, this was one of the most annoying issues here
<matrix_bridge><Andrius Štikonas> cause it was not present in the source
<ekaitz>i'm starting to get used to this kind of problems
<ekaitz>after 2 years haha
<oriansj>yeah, the secrets are out and now it only gets easier to implement the Thompson attack and harder for us to keep it out.
<Googulator>Thompson's own code was also published a while ago
<oriansj>indeed, apparently one needed only to ask.
<stikonas>well, given bootstrappable builds it's probably easier to keep it out
<oriansj>well it is now possible; the hard bit is the exploding world of attack paths.
<oriansj>as now there are numerous programs which could be targeted.
<oriansj>and we have to protect them all