Back to Home11/16/2025, 1:59:19 PM

Running the "Reflections on Trusting Trust" Compiler (2023)

naves

101 points

4 comments

Mood

thoughtful

Sentiment

positive

Discussion Activity

Light discussion

First comment

17h

Peak period

Day 1

Avg / period

Comment distribution2 data points

Based on 2 loaded comments

Key moments

01Story posted
11/16/2025, 1:59:19 PM
2d ago
Step 01
02First comment
11/17/2025, 6:39:40 AM
17h after posting
Step 02
03Peak activity
2 comments in Day 1
Hottest window of the conversation
Step 03
04Latest activity
11/17/2025, 7:07:50 AM
2d ago
Step 04

Generating AI Summary...

Analyzing up to 500 comments to identify key contributors and discussion patterns

Discussion (4 comments)

Showing 2 comments of 4

Panzerschrek

2d ago

1 reply

How real is this specific case of supply chain attack? Are there any known cases of this specific attack?

lrvick

2d ago

At least strong evidence it happened once: https://niconiconi.neocities.org/posts/ken-thompson-really-d...

With careful planning though, with the ability to rootkit any linux kernel it compiles that in turn hot-patches any gcc compilations and so on, with the ability to re-route system calls to hide itself... it could be very very hard to detect.

Even moreso if such was deployed in a couple target CI/CD systems.

bootstrappable builds are the only path to prove such an attack did not happen.

2 more comments available on Hacker News

View full discussion on Hacker News

ID: 45945202Type: storyLast synced: 11/16/2025, 9:42:57 PM

Want the full context?

Jump to the original sources

Read the primary article or dive into the live Hacker News thread when you're ready.

Read Article View on HN