Viral Unix Compiler

norman at norman at
Thu Jan 6 19:34:51 AEST 2000

So far as I know (from conversations with insiders in the past), no system
was ever shipped out of Bell Labs with Ken's self-healing trojan horse in
login and the C compiler.  (For those who don't remember, both programs
were involved: login buggered so that a secret string was always accepted
as a valid password for any login; the compiler buggered to recognize when
compiling login or itself, and reinsert the buggery.  Hence one can remove
the buggered sources, but as long as the binaries remain, so will the bugs.)

Ken's Turing Award lecture doesn't say whether those programs were ever
shipped to the public.  He probably left it dangling on purpose, since
the point he is trying to make is that it isn't just code you have to trust,
but the programmer who wrote it; you cannot possibly know everything that's
going on inside unless you created everything involved, including compilers
and assemblers and the operating system.

Dennis's Turing Award lecture in the same issue of CACM is worth re-reading too,
especially for those who think that Open Source is a cure for the common
cold or that it was invented in the 1990s or 1980s.

Norman Wilson

Received: (from major at localhost)
	by (8.9.3/8.9.3) id UAA48359
	for pups-liszt; Thu, 6 Jan 2000 20:45:36 +1100 (EST)

More information about the TUHS mailing list