From mboxrd@z Thu Jan 1 00:00:00 1970 Message-Id: <200109301251.NAA16629@cthulhu.dircon.co.uk> Subject: Re: [9fans] on the topic of viruses In-Reply-To: <20010927043348.21B361998A@mail.cse.psu.edu> from "dmr@plan9.bell-labs.com" at "Sep 27, 2001 00:33:42 am" To: 9fans@cse.psu.edu From: Digby Tarvin MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Date: Sun, 30 Sep 2001 13:51:35 +0100 Topicbox-Message-UUID: f6b766b4-eac9-11e9-9e20-41e7f4b1d025 Thanks for the fascinating read. On the subject of sneaky Unix hacks, it reminded me of a story that I think I first heard back in my student days the late 70s which I think was attributed to you Dennis... As I recall it was a trojan horse attack based on a modification to the C compiler which caused it to recognise when it was compiling the login program, and insert appropriate sneaky back door in the generated code. The really sneaky bit was that it also recognised when it was compiling an unmodified source for the C compiler, and inserted this and the modification above in the generated code. The end result was that no modified source code need remain on the system, but a complete rebuild from clean source would result in the back door still being generated.... I have often wondered if it just urban legend, or is there a basis in fact? Regards, DigbyT dmr@plan9.bell-labs.com: > I've been interested in this too, though until now I've > never asked TD about it directly (but just did). > > I retrieved the internal tech-memo version of Duff's paper > from the BL library's collection. It's a big page-scan > (768KB in PDF). Usenix doesn't seem to have the published > version. > > For the moment, it's available at > www.cs.bell-labs-com/~dmr/tdvirus.pdf > > If Tom objects, I'll withdraw it. But it's a nice paper. > > Dennis -- Digby R. S. Tarvin digbyt@acm.org http://www.cthulhu.dircon.co.uk