[TUHS] Thompson trojan put into practice
Larry McVoy
lm at mcvoy.com
Mon Sep 20 12:50:35 AEST 2021
On Sun, Sep 19, 2021 at 10:39:25PM -0400, Douglas McIlroy wrote:
> > It's part of my academic project to work on provable compiler security.
> > I tried to do it according to the "Reflections on Trusting Trust" by Ken
> > Thompson, not only to show a compiler Trojan horse but also to prove that
> > we can discover it.
>
> Of course it can be discovered if you look for it. What was impressive about
> the folks who got Thompson's compiler at PWB is that they found the horse
> even though they weren't looking for it.
>
> Then there was the first time Jim Reeds and I turned on integrity control in
> IX, our multilevel-security version of Research Unix. When it reported
> a security
> violation during startup we were sure it was a bug. But no, it had snagged Tom
> Duff's virus in the act of replication. It surprised Tom as much as it did us,
> because he thought he'd eradicated it.
>
> Doug
This is the first I've heard of Tom Duff's virus, what was that?
--
---
Larry McVoy lm at mcvoy.com http://www.mcvoy.com/lm
More information about the TUHS
mailing list