So far as I know (from conversations with insiders in the past), no system
was ever shipped out of Bell Labs with Ken's self-healing trojan horse in
login and the C compiler. (For those who don't remember, both programs
were involved: login buggered so that a secret string was always accepted
as a valid password for any login; the compiler buggered to recognize when
compiling login or itself, and reinsert the buggery. Hence one can remove
the buggered sources, but as long as the binaries remain, so will the bugs.)
Ken's Turing Award lecture doesn't say whether those programs were ever
shipped to the public. He probably left it dangling on purpose, since
the point he is trying to make is that it isn't just code you have to trust,
but the programmer who wrote it; you cannot possibly know everything that's
going on inside unless you created everything involved, including compilers
and assemblers and the operating system.
Dennis's Turing Award lecture in the same issue of CACM is worth re-reading too,
especially for those who think that Open Source is a cure for the common
cold or that it was invented in the 1990s or 1980s.
Norman Wilson
Received: (from major@localhost)
by minnie.cs.adfa.edu.au (8.9.3/8.9.3) id UAA48359
for pups-liszt; Thu, 6 Jan 2000 20:45:36 +1100 (EST)
From Warren Toomey <wkt(a)cs.adfa.edu.au> Thu Jan
6 19:45:17 2000
Received: from henry.cs.adfa.edu.au (henry.cs.adfa.edu.au
[131.236.21.158])
by minnie.cs.adfa.edu.au (8.9.3/8.9.3) with ESMTP id UAA48355
for <pups(a)minnie.cs.adfa.edu.au>; Thu, 6 Jan 2000 20:45:17 +1100 (EST)
Received: (from wkt@localhost)
by henry.cs.adfa.edu.au (8.9.2/8.9.3) id UAA35060
for pups(a)minnie.cs.adfa.edu.au; Thu, 6 Jan 2000 20:45:17 +1100 (EST)
From: Warren Toomey <wkt(a)cs.adfa.edu.au>
Message-Id: <200001060945.UAA35060(a)henry.cs.adfa.edu.au>
Subject: Re: CVS Repository for UNIX
In-Reply-To: <200001060909.UAA48145(a)minnie.cs.adfa.edu.au> from
"norman(a)nose.cita.utoronto.ca" at "Jan 6, 2000 4: 8:52 am"
To: pups(a)minnie.cs.adfa.edu.au (Unix Heritage Society)
Date: Thu, 6 Jan 2000 20:45:17 +1100 (EST)
Reply-To: wkt(a)cs.adfa.edu.au
X-Mailer: ELM [version 2.4ME+ PL43 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-pups(a)minnie.cs.adfa.edu.au
Precedence: bulk
In article by norman(a)nose.cita.utoronto.ca:
I would argue strongly that the archive should contain
absolutely pure
copies of any historic objects, whether they were proper distributions
or just snapshots like most of the older boot images. It's important
to preserve accurate, unbowdlerized history; that is part of what we
should be doing.
I agree completely.
Even using a CVS repository somehow doesn't feel
kosher to me, though
that is probably silly as long as it is possible (and clear how) to
extract the unimproved original, and as long as the very original
distribution or dump tape or whatnot is kept around too so that future
archaeologists have the right thing to study.
With CVS you can tag releases, and so you can extract back from a known
release. You can have branches at various points too, and also merge
branches. However, it really needs a CVS guru to make it work properly.
And, of course, when we get to BSD, we should bring the existing
SCCS deltas into the CVS tree, too.
The CVS idea can be someone else's project :-)
Warren
Received: (from major@localhost)
by minnie.cs.adfa.edu.au (8.9.3/8.9.3) id AAA49218
for pups-liszt; Fri, 7 Jan 2000 00:17:14 +1100 (EST)
From Tim Shoppa <SHOPPA(a)trailing-edge.com> Thu
Jan 6 23:16:41 2000
Received: from
timaxp.trailing-edge.com
(
timaxp.trailing-edge.com [63.73.218.130])
by minnie.cs.adfa.edu.au (8.9.3/8.9.3) with SMTP id AAA49214
for <PUPS(a)MINNIE.CS.ADFA.EDU.AU>; Fri, 7 Jan 2000 00:16:54 +1100 (EST)
Received: by
timaxp.trailing-edge.com for PUPS(a)MINNIE.CS.ADFA.EDU.AU;
Thu, 6 Jan 2000 8:16:41 -0500
Date: Thu, 6 Jan 2000 8:16:41 -0500
From: Tim Shoppa <SHOPPA(a)trailing-edge.com>
To: PUPS(a)minnie.cs.adfa.edu.au
Message-Id: <000106081641.202001e1(a)trailing-edge.com>
Subject: Re: Viral Unix Compiler
Sender: owner-pups(a)minnie.cs.adfa.edu.au
Precedence: bulk
So far as I know (from conversations with insiders in
the past), no system
was ever shipped out of Bell Labs with Ken's self-healing trojan horse in
login and the C compiler. (For those who don't remember, both programs
were involved: login buggered so that a secret string was always accepted
as a valid password for any login; the compiler buggered to recognize when
compiling login or itself, and reinsert the buggery. Hence one can remove
the buggered sources, but as long as the binaries remain, so will the bugs.)
Ken's Turing Award lecture doesn't say whether those programs were ever
shipped to the public. He probably left it dangling on purpose, since
the point he is trying to make is that it isn't just code you have to trust,
but the programmer who wrote it; you cannot possibly know everything that's
going on inside unless you created everything involved, including compilers
and assemblers and the operating system.
Perhaps Ken went even further and distributed buggered binaries of 'od'
as well (along with a 'cc' patch to re-insert the 'od' hole),
so those attempting to hand disassemble the code to *check* for
the existence of the security hole wouldn't find it.
The 'cc+login' hole is nice, sweet, and self-consistent. Attempting
to patch all the other tools to make it impossible to find these holes
sounds incredibly more complicated. Maybe it was just the way Ken
so clearly presented the "how to" lesson that makes anything I try to add
onto it sound incredibly awkward.
--
Tim Shoppa Email: shoppa(a)trailing-edge.com
Trailing Edge Technology WWW:
http://www.trailing-edge.com/
7328 Bradley Blvd Voice: 301-767-5917
Bethesda, MD, USA 20817 Fax: 301-767-5927
Received: (from major@localhost)
by minnie.cs.adfa.edu.au (8.9.3/8.9.3) id BAA49497
for pups-liszt; Fri, 7 Jan 2000 01:25:03 +1100 (EST)
From John Foust <jfoust(a)threedee.com> Fri Jan 7
00:23:43 2000
Received: from
threedee.com (
mail.threedee.com [209.83.65.10])
by minnie.cs.adfa.edu.au (8.9.3/8.9.3) with ESMTP id BAA49487
for <PUPS(a)minnie.cs.adfa.edu.au>; Fri, 7 Jan 2000 01:24:42 +1100 (EST)
Received: from winnie (winnie [192.198.5.13]) by
threedee.com (8.7.5/8.7.3) with SMTP id
IAA27249 for <PUPS(a)minnie.cs.adfa.edu.au>; Thu, 6 Jan 2000 08:24:27 -0600
Message-Id: <3.0.5.32.20000106082343.01638ec0@pc>
X-Sender: jfoust@pc
X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32)
Date: Thu, 06 Jan 2000 08:23:43 -0600
To: PUPS(a)minnie.cs.adfa.edu.au
From: John Foust <jfoust(a)threedee.com>
Subject: Re: Viral Unix Compiler
In-Reply-To: <000106081641.202001e1(a)trailing-edge.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-pups(a)minnie.cs.adfa.edu.au
Precedence: bulk
Has it ever been independently established that this viral
version of the compiler ever actually existed, or was this
just a parable about viral code?
- John