| Organization | Timetravellers Anonymous |
|---|---|
| References | <vd3uf2$7ng3$1@dont-email.me> <wwvbk08uoui.fsf@LkoBDZeT.terraraq.uk> <vdfs6p$2jf3c$1@dont-email.me> <A3AQO.382679$FzW1.372916@fx14.iad> <veurfk$3gv4u$1@dont-email.me> |
| From | rlhamil@smart.net (Richard L. Hamilton) |
| Subject | Re: Finding backdoors |
| Newsgroups | comp.security.misc |
| Message-ID | <oHEQO.291923$v8v2.282917@fx18.iad> |
| Date | 2024-10-19 02:20 +0000 |

In article <veurfk$3gv4u$1@dont-email.me>, <bp@www.zefox.net> writes:
> Richard L. Hamilton <rlhamil@smart.net> wrote:
>>
>> It's worse than that even. See
>>
>> Reflections on Trusting trust
>>
>> https://dl.acm.org/doi/pdf/10.1145/358198.358210
>>
>> by Ken Thompson, the co-creator of Unix along with DMR.
>>
>> It describes adding some code to the C compiler that will insert into
>> login.c a magic password for root power, and into a re-compile of the
>> compiler, the code needed to propagate itself and that login.c backdoor.
[...]
>
> A fascinating article, entirely new to me.
>
> Have any examples of such a trojan been found, or even suspected?
> After forty years, one might expect to see it "in the wild" or at
> least see plausible consequences if it's viable in practice.
>
> Thank you!

I gather he ran it briefly on some system(s) he administered, so it definitely worked. It wouldn't propagate except if someone copied the gimmicked compiler binaries. The source code for the changes is out there.

Of course, compilers have changed a lot since then, and the big open source compilers (gcc, clang) have a lot of eyes on their source, and the binaries to start rebuilding the toolchain with are probably built by "trusted" people and accompanied with gpg signatures. Which is not to say that it couldn't be done. Think about how gradually the xz based backdoor was introduced; although that did have a lot less eyes on it.

While I've had interesting enough connections to have had a reasonably high level of general awareness expected of me, that did not extend to the point of either using such things or front line defense against them. So I couldn't say that something like it hasn't appeared. If in doubt, I would assume that all known possible threats and plenty of unknown ones existed.

Consider if someone makes changes to a web based source control system (git, hg, etc) or publishing software (wordpress, etc); that could do something interesting to a lot of people's code, or to a lot of generated web pages. Doubtless a few such things have happened, although I don't recall specifics.

Finding backdoors <bp@www.zefox.net> - 2024-09-26 15:26 +0000
Re: Finding backdoors Marco Moock <mm+usenet-es@dorfdsl.de> - 2024-09-26 20:15 +0200
Re: Finding backdoors William Unruh <unruh@invalid.ca> - 2024-09-26 19:57 +0000
Re: Finding backdoors Marco Moock <mm+usenet-es@dorfdsl.de> - 2024-09-27 17:31 +0200
Re: Finding backdoors William Unruh <unruh@invalid.ca> - 2024-09-27 16:26 +0000
Re: Finding backdoors Marco Moock <mm+usenet-es@dorfdsl.de> - 2024-09-27 20:11 +0200
Re: Finding backdoors Richard Kettlewell <invalid@invalid.invalid> - 2024-09-28 10:09 +0100
Re: Finding backdoors <bp@www.zefox.net> - 2024-10-01 04:01 +0000
Re: Finding backdoors Richard Kettlewell <invalid@invalid.invalid> - 2024-10-01 16:44 +0100
Re: Finding backdoors rlhamil@smart.net (Richard L. Hamilton) - 2024-10-18 21:04 +0000
Re: Finding backdoors <bp@www.zefox.net> - 2024-10-18 23:37 +0000
Re: Finding backdoors rlhamil@smart.net (Richard L. Hamilton) - 2024-10-19 02:20 +0000