Reply to post: Re: Filesystems in user space...

Google's Fuchsia OS Flutters into view: We're just trying out some new concepts, claims exec

Crazy Operations Guy Silver badge

Re: Filesystems in user space...

Ken Thompson demonstrated that in his infamous "Reflections on Trusting Trust" speech at the 1983 Turing awards. He built a version of cc, the c compiler, that had enough logic to recognize when it was compiling the Unix login code or when it was compiling the c-compiler. When it detected that the compiler was building the login code, it would inject itself into the resulting binary. If it detected you were compiling the Unix login code, it would insert an extra line into the case statement that processes the username. In this case, if you used the username 'ken', the case statement would just jump over the code to check /etc/passwd and just set the UID/GID to 0 and proceed to setting up the session.

You could have clean source for both the login page and cc, then re-compile the compiler before building Unix and still have his backdoor present on your system. You could only get rid of it by using a different compiler, used an old compiler to build the new one, or manually remove the backdoor code from the binary.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER

Biting the hand that feeds IT © 1998–2019