This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: old intentional gcc bug?

From: Erik Trulsson <ertr1013 at student dot uu dot se>
To: krith htirk <krith83 at yahoo dot com>
Cc: gcc at gcc dot gnu dot org
Date: Sat, 23 Jun 2007 18:19:02 +0200
Subject: Re: old intentional gcc bug?
References: <900468.6755.qm@web59302.mail.re1.yahoo.com>

On Sat, Jun 23, 2007 at 08:35:19AM -0700, krith htirk wrote:
> Hi, 
> 
> I've been told that a developer of gcc, in the early stages, put a
> security hole that allowed him complete access to any computer running
> unix, as gcc was included in unix, and that it stayed that way until he
> decided to tell everyone and patch it.
> 
> I don't believe him, but I couldn't find any information about that in the
> internet deniying it. That's why I came here to confirm that it never
> happened.
> 
> Sorry for my bad English and thank you. 
> 
> Regards.
> 


A very similar thing has actually happened, but not with gcc (not that I
know of anyway.)

Ken Thompson (one of the original creators of Unix) *did* put such a hack into
their C compiler which would automatically add backdoor code when it
compiled the 'login' program.  This was many years ago and AFAIK the hacked
Unix version was never released into the wild.

You can read more about this hack at

http://en.wikipedia.org/wiki/Thompson_hack   or
http://www.acm.org/classics/sep95/



-- 
<Insert your favourite quote here.>
Erik Trulsson
ertr1013@student.uu.se

Follow-Ups:
- Re: old intentional gcc bug?
  - From: Robert Dewar

References:
- old intentional gcc bug?
  - From: krith htirk

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]