Trojan horses -- the definitive answer
William LeFebvre
phil at RICE.ARPA
Thu Nov 14 04:52:42 AEST 1985
All this talk of the famous "trojan horse" of Unix has made me go find
the very article where I first read about this. The article is
"Reflections on Trusting Trust" by Ken Thompson, _Communications_of_
the_ACM_, Vol. 27, #8 (August 1984), pp 761--763. It was Thompson's
Turing Award lecture.
I quote:
Figure 3.2 shows a simple modification to the compiler that
will deliberately miscompile source whenever a particular pattern is
matched. If this were not deliberate, it would be called a compiler
"bug". Since it is deliberate, it should be called a "Trojan horse."
The actual bug that I planted in the compiler would match code in
the UNIX "login" command. The replacement code would miscompile the
login command so that it would accept either the intended encrypted
password or a particular known password. Thus if this code were
installed in binary and the binary were used to compile the login
command, I could log into that system as any user.
Such blatant code would not go undetected for long. Even the
most casual perusal of the source of the C compiler would raise
suspicions.
...
The final step ... simply adds a second Trojan Horse to the one that
already exists. The second pattern is aimed at the C compiler. The
replacement code is a ... self-reproducing program that inserts both
Trojan horses into the compiler.... First we compile the modified
source with the normal C compiler to produce a bugged binary. We
install this binary as the official C. We can now remove the bugs from
the source of the compiler and the new binary will reinsert the bugs
whenever it is compiled. Of course, the login command will remain
bugged with no trace in source anywhere.
(Copyright 1984, Association for Computing Machinery,
copied by permission)
I realize that this could give potential hackers out there some ideas.
But I don't feel bad about sending this into the list, since it comes
from a well-published document and can probably be found in any
decent-sized library.
I would encourage everyone to find a copy of that article and read it.
It isn't very long and it is very good. The final section of it is Ken
Thompson moralizing about "hackers", and severely criticizes the press
in their handling of the situations (414 gang, Dalton gang, etc.).
Well worth reading.
I thought that the article contained some statement like "this bugged
version of the C compiler never made it out of Bell", but no such
statement is made. Suppose it did make it out after all.....
William LeFebvre
Department of Computer Science
Rice University
<phil at Rice.arpa>
or, for the daring: <phil at Rice.edu>
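The defender's counterpart to the attack Thompson describes is to stop trusting a single compiler binary for the compiler's own source. The check below is an added example, not part of LeFebvre's post or Thompson's paper: it models diverse double-compiling (DDC, the technique David A. Wheeler later proposed against exactly this attack) on a constructed toy "compiler" whose language is a tiny Python subset and whose "compilation" merely drops comment and blank lines. `COMPILER_SOURCE`, `trusted_compile`, `bugged_compile` and `BACKDOOR_MARKER` are all constructed stand-ins; the bugged binary only appends a marker line when it sees the compiler's own source, and does not propagate itself.

```python
import hashlib
from typing import Callable, Dict

# A "compiler binary" in this model is any callable from source text to
# output text; the output is itself loadable as a compiler (see load()).
Compiler = Callable[[str], str]

# Constructed toy compiler source. The "language" it compiles is the tiny
# Python subset used below; "compilation" only drops comment-only and blank
# lines, which makes the output canonical and idempotent (compiling the
# output again yields the same bytes). Nothing here is Thompson's code.
COMPILER_SOURCE = '''\
# Toy compiler: drop comment-only lines and blank lines.
def compile_program(src):
    out = []
    for line in src.splitlines():
        if line.strip() and not line.lstrip().startswith("#"):
            out.append(line.rstrip())
    return "\\n".join(out) + "\\n"
'''


def load(binary: str) -> Compiler:
    """Turn compiler output into a runnable compiler (the toy 'loader')."""
    namespace: Dict[str, object] = {}
    exec(binary, namespace)  # toy binaries are Python text
    return namespace["compile_program"]  # type: ignore[return-value]


def trusted_compile(src: str) -> str:
    """Stand-in for an independent second compiler of different lineage.

    It is deliberately a different implementation: it keeps comments, so
    its output differs textually from compile_program's, yet the result
    still behaves as COMPILER_SOURCE specifies. That is exactly why DDC
    needs a second stage before comparing bytes.
    """
    return src if src.endswith("\n") else src + "\n"


# The compiler binary we would normally trust: COMPILER_SOURCE loaded as-is.
clean_binary: Compiler = load(COMPILER_SOURCE)


def bugged_compile(src: str) -> str:
    """Stand-in for a compromised binary (constructed, not a real trojan).

    It compiles everything correctly except the compiler's own source,
    where it appends one extra line, mimicking the observable effect of
    Thompson's reinsertion. Self-propagation is deliberately not modelled.
    """
    out = clean_binary(src)
    if "def compile_program" in src:
        out += "BACKDOOR_MARKER = True\n"
    return out


def sha256(text: str) -> str:
    return hashlib.sha256(text.encode()).hexdigest()


def ddc_check(suspect: Compiler, trusted: Compiler, compiler_source: str) -> Dict[str, object]:
    """Diverse double-compiling (D. A. Wheeler) in the toy model.

    1. Compile compiler_source with the trusted compiler T   -> stage1
    2. Compile compiler_source again with stage1             -> stage2
    3. Compile compiler_source with the suspect binary A     -> from_suspect
    If A faithfully implements compiler_source, stage2 and from_suspect
    are byte-identical; a self-reinserting trojan in A shows up as a diff.
    """
    stage1 = load(trusted(compiler_source))
    stage2 = stage1(compiler_source)
    from_suspect = suspect(compiler_source)
    return {
        "stage2_sha256": sha256(stage2),
        "suspect_sha256": sha256(from_suspect),
        "match": stage2 == from_suspect,
    }


if __name__ == "__main__":
    for name, cc in (("clean", clean_binary), ("bugged", bugged_compile)):
        result = ddc_check(cc, trusted_compile, COMPILER_SOURCE)
        print(name, "match" if result["match"] else "MISMATCH", result["suspect_sha256"][:16])
```

The point of the second stage is that the trusted compiler need not produce the same bytes as the suspect one; it only has to be correct. Stage 2 is produced by a binary whose behaviour is defined by the source alone, so any byte the suspect binary adds to the compiler's own output has no place to hide. In practice this requires a reproducible build (deterministic output, no embedded timestamps or paths), which is the precondition real DDC runs have to establish first.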