[TUHS] Thompson trojan put into practice

John P. Linderman jpl.jpl at gmail.com
Tue Sep 21 00:35:50 AEST 2021

My recollection is that Larry Wehr ran nm on the compiler, possibly in
response to the extra-byte quirk, and found a subroutine reference with no
appearance in the source. If Ken hadn't kept the code so modular, they
might never have noticed.

On Mon, Sep 20, 2021 at 9:53 AM Ken Thompson <kenbob at gmail.com> wrote:

> pwb recompiled the compiler and it got 1 byte larger.
> again, another byte. after that they played with it
> until they broke the quine part. i am not sure
> if they ever realized what was going on.
> the extra byte was my bug.
>
> On Mon, Sep 20, 2021 at 4:58 AM Douglas McIlroy <douglas.mcilroy at dartmouth.edu> wrote:
>
>> >> > It's part of my academic project to work on provable compiler security.
>> >> > I tried to do it according to the "Reflections on Trusting Trust" by Ken
>> >> > Thompson, not only to show a compiler Trojan horse but also to prove that
>> >> > we can discover it.
>> >>
>> >> Of course it can be discovered if you look for it. What was impressive about
>> >> the folks who got Thompson's compiler at PWB is that they found the horse
>> >> even though they weren't looking for it.
>> >
>> > I had not heard this story. Can you elaborate, please? My impression from having
>> > read the paper (a long time ago now) is that Ken did the experiment locally only.
>>
>> Ken did it locally, but a vigilant person at PWB noticed there was an experimental
>> compiler on the research machine and grabbed it. While they weren't looking for
>> hidden stuff, they probably were trying to find what was new in the compiler. Ken
>> may know details about what they had in the way of source and binary.
>>
>> Doug