Password Choices
Guy Harris
guy at gorodish.Sun.COM
Thu Jul 28 10:50:36 AEST 1988
> The second story also has to do with security, and I also heard ascribed
> to Kernighan (interesting his name pops up twice in related stories).
>
> It seems that in the original unix systems one of the programmers
> left a backdoor in login that allowed him on any user system. This
> was left in the binary and not the source so that regenerating
> login would cure it, but since most original systems just copied the
> binary, this trap was left in.
In his 1983 Turing award lecture, in the August 1984 CACM, Ken Thompson ascribes
it to himself; the backdoor was actually in the C compiler (preprocessor,
probably) - if it compiled itself, it stuck the backdoor in, and if it compiled
"login", it stuck the other backdoor in. Thus, even if you *did* regenerate
"login", it wouldn't be cured, and even if you *did* have the source, you might
never find it.

He later ascribes the idea to an Air Force critique of an early Multics
implementation; he didn't remember what the document was that contained the
critique, and asked anybody who did know it to let him know.