phil@RICE.ARPA (William LeFebvre) (11/13/85)
All this talk of the famous "trojan horse" of Unix has made me go find the very article where I first read about this. The article is "Reflections on Trusting Trust" by Ken Thompson, _Communications_of_the_ACM_, Vol. 27, #8 (August 1984), pp 761--763. It was Thompson's Turing Award lecture. I quote:

   Figure 3.2 shows a simple modification to the compiler that will deliberately miscompile source whenever a particular pattern is matched. If this were not deliberate, it would be called a compiler "bug". Since it is deliberate, it should be called a "Trojan horse."

   The actual bug that I planted in the compiler would match code in the UNIX "login" command. The replacement code would miscompile the login command so that it would accept either the intended encrypted password or a particular known password. Thus if this code were installed in binary and the binary were used to compile the login command, I could log into that system as any user.

   Such blatant code would not go undetected for long. Even the most casual perusal of the source of the C compiler would raise suspicions. ...

   The final step ... simply adds a second Trojan Horse to the one that already exists. The second pattern is aimed at the C compiler. The replacement code is a ... self-reproducing program that inserts both Trojan horses into the compiler....

   First we compile the modified source with the normal C compiler to produce a bugged binary. We install this binary as the official C. We can now remove the bugs from the source of the compiler and the new binary will reinsert the bugs whenever it is compiled. Of course, the login command will remain bugged with no trace in source anywhere.

   (Copyright 1984, Association for Computing Machinery, copied by permission)

I realize that this could give potential hackers out there some ideas. But I don't feel bad about sending this into the list, since it comes from a well published document and can probably be found in any decent sized library.

I would encourage everyone to find a copy of that article and read it. It isn't very long and it is very good. The final section of it is Ken Thompson moralizing about "hackers", and severely criticizes the press in their handling of the situations (414 gang, Dalton gang, etc.). Well worth reading.

I thought that the article contained some statement like "this bugged version of the C compiler never made it out of Bell", but no such statement is made. Suppose it did make it out after all.....

William LeFebvre
Department of Computer Science
Rice University
<phil@Rice.arpa>
or, for the daring: <phil@Rice.edu>

rees@apollo.uucp (Jim Rees) (11/18/85)
There was also this, from net.lang.c. Am I the only one around here who keeps news for 3 years?

From research!dmr Thu Nov 4 02:30:06 1982
Subject: Joy of reproduction
Newsgroups: net.lang.c

Some years ago Ken Thompson broke the C preprocessor in the following ways:

1) When compiling login.c, it inserted code that allowed you to log in as anyone by supplying either the regular password or a special, fixed password.

2) When compiling cpp.c, it inserted code that performed the special test to recognize the appropriate part of login.c and insert the password code. It also inserted code to recognize the appropriate part of cpp.c and insert the code described in way 2).

Once the object cpp was installed, its bugs were thus self-reproducing, while all the source code remained clean-looking. (Things were even set up so the funny stuff would not be inserted if cc's -P option was used.)

We actually installed this on one of the other systems at the Labs. It lasted for several months, until someone copied the cpp binary from another system.

Notes:

1) The idea was not original; we saw it in a report on Multics vulnerabilities. I don't know of anyone else who actually went to the considerable labor of producing a working example.

2) I promise that no such thing has ever been included in any distributed version of Unix. However, this took place about the time that NSA was first acquiring the system, and there was considerable temptation.

Dennis Ritchie
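
Added example, not part of either post and not Thompson's or Ritchie's code: a toy model of the property both posts describe, that a compiler binary carrying the behaviour keeps re-inserting it from clean source until the binary itself is replaced. Every name here (the behaviour tags, compile_with, builds_differ) is a constructed assumption; "binaries" are modelled as sets of behaviours and no real compiler is involved.

```python
# Constructed toy model: a "source" is (program name, behaviours written in it);
# a "binary" is the set of behaviours the installed program actually has.
HONEST_CC = frozenset({"translate"})
CLEAN_CC_SRC = ("cc", frozenset({"translate"}))
BUGGED_CC_SRC = ("cc", frozenset({"translate", "trojan"}))
CLEAN_LOGIN_SRC = ("login", frozenset({"check_password"}))
EXPECTED_IN_SOURCE = {"translate", "check_password"}


def compile_with(cc_binary, source):
    """Run compiler binary `cc_binary` on `source` and return the new binary."""
    name, behaviours = source
    out = set(behaviours)                      # faithful translation of the source
    if "trojan" in cc_binary:                  # lives in the binary, not in source
        if name == "login":
            out.add("accepts_fixed_password")  # first Trojan horse
        elif name == "cc":
            out.add("trojan")                  # second one: re-inserts both
    return frozenset(out)


def source_audit_passes(source):
    """Source review: only expected behaviours may appear in the source."""
    return source[1] <= EXPECTED_IN_SOURCE


def bootstrap(cc_binary, generations):
    """Rebuild the compiler from clean source with itself, repeatedly."""
    for _ in range(generations):
        cc_binary = compile_with(cc_binary, CLEAN_CC_SRC)
    return cc_binary


def builds_differ(cc_a, cc_b, source):
    """Build the same source with two compiler binaries and compare the output."""
    return compile_with(cc_a, source) != compile_with(cc_b, source)


if __name__ == "__main__":
    installed = compile_with(HONEST_CC, BUGGED_CC_SRC)  # one-time bugged build
    current = bootstrap(installed, 5)                   # source is clean from now on
    print("bugged source passes audit:", source_audit_passes(BUGGED_CC_SRC))
    print("clean source passes audit: ", source_audit_passes(CLEAN_CC_SRC))
    print("cc after 5 clean rebuilds: ", sorted(current))
    print("login from clean source:   ", sorted(compile_with(current, CLEAN_LOGIN_SRC)))
    print("differs from other system: ", builds_differ(current, HONEST_CC, CLEAN_CC_SRC))
    restored = bootstrap(HONEST_CC, 5)                  # cc binary copied from elsewhere
    print("login after restoring cc:  ", sorted(compile_with(restored, CLEAN_LOGIN_SRC)))
```

In this model the source audit catches only the one-time bugged source; after that, the only check that notices anything is the comparison against a build made with a compiler binary from another system.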