I think this is a neat thought exercise and a clever demo, but it does wash right over an interesting complication in actually mounting such an attack. Assuming the people who work on the compiler are not collectively mounting the attack, you’d need to hide the attack from them. That means that the final step of the malicious compiler can’t be just copying the old version of itself instead of the newly compiled version of itself, otherwise everyone who went to add a feature would instantly see what was going on.
That’s not to say it’s impossible to write a backdoor into a compiler that’s resilient against the need to maintain/add features/refactor/etc., but the challenge of keeping such a beast in place for very long would require quite a bit more than a demo like this.
I think this is a neat thought exercise and a clever demo, but it does wash right over an interesting complication in actually mounting such an attack. Assuming the people who work on the compiler are not collectively mounting the attack, you’d need to hide the attack from them. That means that the final step of the malicious compiler can’t be just copying the old version of itself instead of the newly compiled version of itself, otherwise everyone who went to add a feature would instantly see what was going on.
That’s not to say it’s impossible to write a backdoor into a compiler that’s resilient against the need to maintain/add features/refactor/etc., but the challenge of keeping such a beast in place for very long would require quite a bit more than a demo like this.