[TUHS] Thompson trojan put into practice
Ken Thompson
kenbob at gmail.com
Mon Sep 20 23:51:40 AEST 2021
pwb recompiled the compiler and it got 1 byte larger.
again, another byte. after that they played with it
until they broke the quine part. i am not sure that
if they ever realized what was going on.
the extra byte was my bug.
On Mon, Sep 20, 2021 at 4:58 AM Douglas McIlroy <
douglas.mcilroy at dartmouth.edu> wrote:
> >> > It's part of my academic project to work on provable compiler
> security.
> >> > I tried to do it according to the "Reflections on Trusting Trust" by
> Ken
> >> > Thompson, not only to show a compiler Trojan horse but also to prove
> that
> >> > we can discover it.
> >>
> >> Of course it can be discovered if you look for it. What was impressive
> about
> >> the folks who got Thompson's compiler at PWB is that they found the
> horse
> >> even though they weren't looking for it.
>
> > I had not heard this story. Can you elaborate, please? My impression
> from having
> > read the paper (a long time ago now) is that Ken did the experiment
> locally only.
>
> Ken did it locally, but a vigilant person at PWB noticed there was an
> experimental
> compiler on the research machine and grabbed it. While they weren't
> looking for
> hidden stuff, they probably were trying to find what was new in the
> compiler. Ken
> may know details about what they had in the way of source and binary.
>
> Doug
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://minnie.tuhs.org/pipermail/tuhs/attachments/20210920/c355b996/attachment.htm>
More information about the TUHS
mailing list