by mdasen 3225 days ago
You can actually detect the issue in Trusting Trust: https://www.schneier.com/blog/archives/2006/01/countering_tr...

If you have two compilers and one is open source (and you've read the source and are happy that it's clean), you can compile that source with both compilers. The output will be different because the two compilers will make different optimizations. However, now you have two binaries of the same compiler and while they aren't the same, their output will be. So you can re-compile the source with both new binaries and you should get a bit-for-bit equivalent output.
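The two-stage check described in the post above, as an added toy model (not part of the original thread and not any real compiler's code). The `Binary` fields, the file name `cc.c` and the vendor names are constructed for illustration. The model also shows the limit of the check: it only catches a trojan that the second compiler does not share.

```python
import hashlib
from dataclasses import dataclass

COMPILER_SRC = "cc.c"  # constructed name for the audited open-source compiler source

@dataclass(frozen=True)
class Binary:
    codegen: str      # whose code generator emitted these bytes (affects bits only)
    implements: str   # source whose behaviour this binary carries out
    trojan: bool      # hidden self-propagating payload present?

    def digest(self) -> str:
        blob = f"{self.codegen}|{self.implements}|{self.trojan}".encode()
        return hashlib.sha256(blob).hexdigest()

def compile_with(compiler: Binary, source: str) -> Binary:
    """Run `compiler` on `source`. The output bits follow the running compiler's
    own code generator; a trojaned compiler re-inserts its payload only when it
    recognises compiler source (the Thompson behaviour)."""
    return Binary(codegen=compiler.implements, implements=source,
                  trojan=compiler.trojan and source == COMPILER_SRC)

def ddc(compiler_a: Binary, compiler_b: Binary):
    """Return (stage-1 digests, stage-2 digests) for the two-compiler check."""
    stage1 = [compile_with(c, COMPILER_SRC) for c in (compiler_a, compiler_b)]
    stage2 = [compile_with(c, COMPILER_SRC) for c in stage1]
    return [b.digest() for b in stage1], [b.digest() for b in stage2]

def stage2_matches(compiler_a: Binary, compiler_b: Binary) -> bool:
    _, (first, second) = ddc(compiler_a, compiler_b)
    return first == second

# Constructed sample compilers: two unrelated vendor builds, clean and trojaned.
CLEAN_A = Binary("vendorA-build", "vendorA.c", trojan=False)
CLEAN_B = Binary("vendorB-build", "vendorB.c", trojan=False)
EVIL_A = Binary("vendorA-build", "vendorA.c", trojan=True)
EVIL_B = Binary("vendorB-build", "vendorB.c", trojan=True)

if __name__ == "__main__":
    for name, a, b in [("both clean", CLEAN_A, CLEAN_B),
                       ("A trojaned", EVIL_A, CLEAN_B),
                       ("both trojaned", EVIL_A, EVIL_B)]:
        s1, _ = ddc(a, b)
        print(f"{name}: stage1 equal={s1[0] == s1[1]}, "
              f"stage2 equal={stage2_matches(a, b)}")
```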

1 comments

You cannot. The point is you cannot run the code of a compiler, you have to run the compiled binary. And there's no way to verify if the binary does the same thing as the code when the Ken Thompson Hack is implemented.
Aren't there C interpreters still around?
How can you be sure there's no Ken Thompson Hack in the interpreter?
How would there be one? It's not like you can easily write a program that infiltrates a random program A that happens to interpret a language in which a random program B is written and infiltrates the B program afterwards. You'd probably need a general-artificial-intelligence-level in your malware.