This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.



Re: old intentional gcc bug?


On Sat, Jun 23, 2007 at 04:36:02PM -0400, Robert Dewar wrote:
> Erik Trulsson wrote:
> 
> >Ken Thompson (one of the original creators of Unix) *did* put such a hack
> >into their C compiler which would automatically add backdoor code when it
> >compiled the 'login' program.  This was many years ago and AFAIK the hacked
> >Unix version was never released into the wild.
> 
> Are you sure your information is accurate? Neither of the references
> that you cite back you up on this. Yes, of course we all know of Ken's
> proposed design for this (from his ACM talk), but I never read anywhere
> before that this was actually carried out in the wild or otherwise.

The Wikipedia page I referenced (http://en.wikipedia.org/wiki/Thompson_hack)
says that:

  "What's worse, in Thompson's proof of concept implementation, the
  subverted compiler also subverted the analysis program (the disassembler),
  so that anyone who examined the binaries in the usual way would not actually
  see the real code that was running, but something else instead. This version
  was never released into the wild. It was released to a sibling Bell Labs
  organization as a test case; they never found the attack"

The Jargon File (http://www.catb.org/jargon/html/B/back-door.html) says:
  "The Turing lecture that reported this truly moby hack was later published as
  Reflections on Trusting Trust, Communications of the ACM 27, 8 (August
  1984), pp. 761--763 (text available at http://www.acm.org/classics/). Ken
  Thompson has since confirmed that this hack was implemented and that the
  Trojan Horse code did appear in the login binary of a Unix Support group
  machine. Ken says the crocked compiler was never distributed. Your editor
  has heard two separate reports that suggest that the crocked login did make
  it out of Bell Labs, notably to BBN, and that it enabled at least one
  late-night login across the network by someone using the login name kt."


And reading Ken's ACM paper (http://www.acm.org/classics/sep95/) certainly
gives me the impression that he is talking about a real program, not just a
purely hypothetical case:

  [...]
  I would like to present to you the cutest program I ever wrote. I
  will do this in three stages and try to bring it together at the end.
  [...]
  The actual bug I planted in the compiler would match code in the UNIX
  "login" command.





-- 
<Insert your favourite quote here.>
Erik Trulsson
ertr1013@student.uu.se

