A friend of mine always builds everything from source. I don’t know why, but I vaguely remember hearing something about security. Over at Microsoft, dangriff has a post about the assumption that the compiler is safe.
It’s an interesting question; I’ve often wondered about hiding rogue code in plain sight in large code bases (and GCC, for example, certainly qualifies). If I recall correctly, this happened a few years ago in OpenSSH.
At the end of the day, I find myself agreeing with dangriff – it’s amazingly unlikely that any significant compiler-based exploit would get through either GCC or any commercial compiler. But I guess the p != 0.
GCC had a security problem a long time ago; I don’t remember the details, and neither does Google, but it was interesting.
I assume that you are familiar with the story of Ken Thompson’s backdoor into UNIX. If not, have a look at the following URL. http://www.wbglinks.net/pages/reads/wbgreads/hacksexplained/hacksexplained04.html
Pretty ingenious really.