Mailinglist Archive: opensuse (3831 mails)

< Previous Next >
Re: [opensuse] Re: This is OT, but you guys are gonna love this one!!
  • From: "Greg Freemyer" <greg.freemyer@xxxxxxxxx>
  • Date: Fri, 12 Jan 2007 21:51:29 -0500
  • Message-id: <87f94c370701121851q3f9984bdr3776b66fc2965c45@xxxxxxxxxxxxxx>
On 1/11/07, Paul Abrahams <abrahams@xxxxxxx> wrote:
On Thursday 11 January 2007 8:59 pm, James Knott wrote:

> >
> > #1 How can I know that the software that I install is the same as what
> > the source is?
>
> Compile from source.

Many years ago Ken Thompson (or maybe it was Dennis Ritchie) gave the ACM
Turing Lecture on, essentially, coding tricks. He showed how it was possible
to booby-trap a compiler using repeated bootstraps in such a way that the
compiler was corrupted, yet its visible source code was clean. Recompiling
the compiler would retain the corruption. And such a corrupted compiler
could do anything, of course.

Paul
--

IIRC, He didn't show that it was possible, he actually did it and had
it in the C compiler for years before announcing that it was in there.
Due to the backdoor, Ken Thompson could log into any UNIX machine at
the time.

A brief google found this:
Along with Dennis Ritchie, Ken Thompson received the ACM Turing award
in 1983, for "for their development of generic operating systems
theory and specifically for the implementation of the UNIX operating
system.". In his Turing award lecture, Reflections On Trusting Trust,
Ken Thompson described a hack that he placed into early UNIX systems:
the C compiler would insert a back door whenever it compiled the login
program, allowing Ken Thompson to access any UNIX system. The scheme
was so fiendish that if you tried remove the back-door generating code
from the source code and recompile the compiler, the compiler would
reintroduce the back door generation into the source code!


Greg
--
Greg Freemyer
The Norcross Group
Forensics for the 21st Century
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

< Previous Next >
Follow Ups