Password Choices
Rick Adams
rick at seismo.CSS.GOV
Sat Aug 13 07:15:14 AEST 1988
In article <8502 at hall.cray.com>, blu at hall.cray.com (Brian Utterback) writes:
> The key word here is almost. In the Turing lecture, this was presented as
> a scenario, not as a historical reference.
OK. Here is a historical reference that describes it as reality and
not as a scenario.
>From research!dmr Thu Nov 4 02:30:06 1982
Subject: Joy of reproduction
Newsgroups: net.lang.c
Some years ago Ken Thompson broke the C preprocessor in the following
ways:
1) When compiling login.c, it inserted code that allowed you to
log in as anyone by supplying either the regular password or a special,
fixed password.
2) When compiling cpp.c, it inserted code that performed the special
test to recognize the appropriate part of login.c and insert the
password code. It also inserted code to recognize the appropriate
part of cpp.c and insert the code described in way 2).
Once the object cpp was installed, its bugs were thus self-reproducing,
while all the source code remained clean-looking. (Things were even set
up so the funny stuff would not be inserted if cc's -P option was used.)
We actually installed this on one of the other systems at the Labs.
It lasted for several months, until someone copied the cpp binary
from another system.
Notes:
1) The idea was not original; we saw it in a report on Multics
vulnerabilities. I don't know of anyone else who actually went to
the considerable labor of producing a working example.
2) I promise that no such thing has ever been included in any distributed
version of Unix. However, this took place about the time that NSA
was first acquiring the system, and there was considerable temptation.
Dennis Ritchie
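
The following toy model is an added example, not part of the original post and not Thompson's or Ritchie's code. It shows why rebuilding from clean-looking source does not remove the behaviour described above, and why comparing against a build made with an independently obtained cpp binary exposes it. The `Binary` tuple, the names `fixed-password` and `selfrep`, and the source strings are constructed stand-ins, and the comparison assumes deterministic builds.

```python
# Toy model (constructed for illustration): a "binary" records which source it
# was built from and any behaviour the compiler added that is NOT in the source.
from collections import namedtuple

Binary = namedtuple("Binary", "source extras")

CPP_SRC = "cpp.c (clean source)"      # constructed stand-ins for the real files
LOGIN_SRC = "login.c (clean source)"


def run_cpp(cpp_binary):
    """Execute a cpp binary: return the compile function it implements."""
    infected = "selfrep" in cpp_binary.extras

    def compile_(source):
        extras = set()
        if infected and source == LOGIN_SRC:
            extras.add("fixed-password")   # way 1: extra check added to login
        if infected and source == CPP_SRC:
            extras.add("selfrep")          # way 2: re-insert both behaviours
        return Binary(source, frozenset(extras))

    return compile_


def rebuild_toolchain(installed_cpp):
    """Recompile cpp and login from clean source using the installed cpp."""
    new_cpp = run_cpp(installed_cpp)(CPP_SRC)
    login = run_cpp(new_cpp)(LOGIN_SRC)
    return new_cpp, login


def matches_independent_build(installed_cpp, independent_cpp):
    """Detection: cpp.c built by an independently obtained cpp binary must equal
    the installed cpp if the installed object really corresponds to its source."""
    return run_cpp(independent_cpp)(CPP_SRC) == installed_cpp


CLEAN_CPP = Binary(CPP_SRC, frozenset())                 # e.g. copied from another system
TROJANED_CPP = Binary(CPP_SRC, frozenset({"selfrep"}))   # same source, altered object

if __name__ == "__main__":
    cpp, login = rebuild_toolchain(TROJANED_CPP)
    print("after rebuild from clean source:", sorted(cpp.extras), sorted(login.extras))
    print("installed matches independent build:",
          matches_independent_build(TROJANED_CPP, CLEAN_CPP))
```

Auditing `cpp.c` and `login.c` finds nothing in this model because both sources are clean; only the comparison against an object built outside the installed toolchain differs.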