On Friday 24 March 2006 21:52, Orn E. Hansen wrote:
Backdoors have been notorious in Unix systems. I've got one notorious one in mind, that was inbedded into the C compiler itself when compiling "login.c". [...] Has little to do with the design of the system. It has a lot more to do with how the Linux community is, as in open source and regular updates. A program pretending to be "bash" shell for example, is not going to live long, because its going to be removed and reinstalled pretty regularly. And trying to put something inside a ".profile" script or similar, is likely to be discovered as most Linux users are enthusiasts that are fiddling with these things all the time. As in this community a source code is likely to be scrutinized by many, especially on volatile systems.
I believe you were referring to this: http://www.acm.org/classics/sep95/ and one of Thompson's points was that you can't even trust the source -- Certified: Yes. Certifiable: of course! jabber ID: anders@rydsbo.net