Password Choices
Brian Utterback
blu at hall.cray.com
Fri Aug 12 05:58:27 AEST 1988
In article <8073 at alice.UUCP| ark at alice.UUCP writes:
|In article <1406 at devsys.oakhill.UUCP>, steve at oakhill.UUCP writes:
|> It seems that in the original unix systems one of the programmmers
|> left a backdoor in login that allowed him on any user system. This
|> was left in the binary and not the source so that regenerating
|> login would cure it, but since most original systems just copied the
|> binary, this trap was left in.
|>
|> I don't believe either of these stories are true.
|
|This one is, almost.
|
[ Description Deleted]
|Notice the situation after he was done: he had a trap door in login,
|yet all the source code everywhere in the system was precisely what
|it had been before he started. Moreover, recompiling any part of
|the system would leave his trap door intact.
|
|To convince yourself that this story is not a myth, go through
|back issues of Communications of the ACM until you find the
|Turing Award lectures by Thompson and Ritchie.
I think it was just Thompson.
The key word here is almost. In the Turing lecture, this was presented as
a scenario, not as a historical reference. It is clear after reading the
article that what is done is a little beyond the state of the art in
artificial intelligence. But only a little. After the lecture was
entitled "Reflections on Trusting Trust" not "How I Broke Login".
His point is that theoretically, to trust a program to be trap free, one
must have verified it in the source for the program, all the previous source,
the source for the compiler and all the previos source for the compiler.
--
Brian Utterback |UUCP:{ihnp4!cray,sun!tundra}!hall!blu | "Aunt Pheobe,
Cray Research Inc. |ARPA:blu%hall.cray.com at uc.msc.umn.edu | we looked like
One Tara Blvd. #301 | | Smurfs!"
Nashua NH. 03062 |Tele:(603) 888-3083 |
More information about the Comp.unix.questions
mailing list