Changing Religeon
Steve Jenkin
sjenkin at pcug.org.au
Wed Mar 6 12:47:03 EST 2002
The 'self replicating trojan' is no myth.
Ken Thompson added code to a C compiler that recognised 'login' and
added assembler code so he could always log in [as root?]
He then added code that did the same for the compiler & hid the 'login'
hack.
And then removed the hacks from the compiler source - so the insertions
replicate in the executable 'cc', but can't be found by code inspection.
[Nor could you devise a test for the backdoor in the login program]
http://www.acm.org/classics/sep95/
His paper (1983) is called 'Reflections on Trusting Trust'.
His conclusion: If you didn't create the whole thing, you can't really
trust it.
cheers
sj
Sam Couter <scouter at bigpond.net.au> wrote:
> Date: Mon, 4 Mar 2002 21:38:28 +1100
> From:
> To: linux <linux at lists.samba.org>
> Subject: Re: Changing Religeon
>
<<snip>>
>
> It doesn't really matter though, I'm not really a fan of Pascal, so I'm
> not likely to use the compiler. I only asked out of interest, and
> because I recommend caution when downloading binaries. The old urban
> myth about Dennis Ritchie's (??) self-replicating trojan in the compiler
> comes to mind. Check the Jargon File for "back door":
>
> http://www.tuxedo.org/~esr/jargon/html/entry/back-door.html
>
> Be careful... One entry leads to another, and before you know it you've
> wasted a whole afternoon reading parts of the Jargon file and wetting
> yourself laughing.
> --
> Sam "Eddie" Couter | mailto:scouter at bigpond.net.au
> Debian Developer | mailto:eddie at debian.org
> | jabber:sam at jabber.topic.com.au
> OpenPGP fingerprint: A46B 9BB5 3148 7BEA 1F05 5BD5 8530 03AE DE89 C75C
--
--------
Steve Jenkin, Unix Sys Admin
PO Box 48, Kippax, ACT 2615
0412 786 915