Comment by afdbcreid
19 hours ago
Considering that you often run the code after you compile it, it might not matter. Anyway, like it or not, most compilers don't consider themselves security sensitive and will not consider malicious code that is able to hijack the compiler a security vulnerability.
Ken Thompson won the award for nothing, yeah.
Totally unrelated; The trusting trust attack was about downloading a malicious compiler because malicious code was injected into it in some early version.
(And if you ask me, it was indeed overrated, but that's unrelated).
That was one way the attack could be done, there are many other ways if the compiler binary can be open for manipulation.