[TUHS] trusting trust code
Russ Cox
rsc at swtch.com
Thu Oct 26 11:55:33 AEST 2023
Hi all,
Ken mailed me the code for the compiler backdoor.
I have annotated it and posted it at https://research.swtch.com/nih.
As part of the post, I wrote a new simulator that can run V6 binaries.
The simulator is a halfway point between the designs of simh and apout.
It is running a translation of the V6 kernel to Go (with no hardware)
and running user binaries on a simulated PDP11 CPU. The result combines
apout's "easy to run" with simh's "v6-specific system calls work".
In particular, it is good enough to run the backdoored login command,
which apout simply cannot due to host OS tty handling not being like V6,
and without having to fuss with disk pack images like in simh.
If you have Go installed locally, you can run the new simulator with
go run rsc.io/unix/v6run at latest
You can also run it in your browser at https://research.swtch.com/v6.
Finally, it turns out that the backdoor code was published this summer
in the TUHS archive, but no one noticed. It is in dmr_tapes.tgz [1] in the file
dmr_tapes/ken-sky/tp/nih.a. It is also visible in the dmr_tapes/ken/bits
tape image, although not in the extracted files.
Enjoy!
Best,
Russ
[1] https://www.tuhs.org/Archive/Applications/Dennis_Tapes/
More information about the TUHS
mailing list