Viral Unix Compiler

[wkt@cs.adfa.edu.au (Warren Toomey)]

In article by Tim Shoppa:
> This brings up a question: should fixes (and I mean fundamental fixes
> like Y2K ones) be incorporated back into the boot images in the archive, or
> should they be left in their "pristine" state?  (Yes, i know, some of
> those boot images aren't quite so pristine.)

I'd agree to both. Mind you, once you start patching, where do you stop?
We could bring V6 up to being POSIX compatible with an ANSI C compiler :-)

Seriously, at one stage I did think of trying to check-in every version of
UNIX we have into a single CVS repository. Problem is, files have moved
around, and I want to leave gaps just in case we ever get the missing versions.
 
> As long as we're on the topic, which versions of Unix had the C
> compiler recognize when it was recompiling [/bin/login] and put a back
> door in for the developers?

I might ask Dennis for the details. From memory, the binaries never got out
of the Labs, and it would have been around the time of V6. Also from memory,
this was the topic of Ken's speech when he won the Turing award. I wonder if
the article is lying around somewhere.

	Warren

Received: (from major at localhost)
	by minnie.cs.adfa.edu.au (8.9.3/8.9.3) id HAA41128
	for pups-liszt; Thu, 6 Jan 2000 07:45:45 +1100 (EST)
Received: from andru.sonoma.edu (andru.sonoma.edu [130.157.3.226])
	by minnie.cs.adfa.edu.au (8.9.3/8.9.3) with SMTP id HAA41124
	for <pups at minnie.cs.adfa.edu.au>; Thu, 6 Jan 2000 07:45:21 +1100 (EST)
Received: (qmail 8022 invoked by uid 501); 5 Jan 2000 21:01:27 -0000
Received: from localhost (sendmail-bs at 127.0.0.1)
  by localhost with SMTP; 5 Jan 2000 21:01:27 -0000
Date: Wed, 5 Jan 2000 13:01:27 -0800 (PST)
From: Andru Luvisi <luvisi@andru.sonoma.edu>
To: Warren Toomey <wkt at cs.adfa.edu.au>
cc: Unix Heritage Society <pups at minnie.cs.adfa.edu.au>
Subject: Re: Viral Unix Compiler
In-Reply-To: <200001052035.HAA24359 at henry.cs.adfa.edu.au>
Message-ID: <Pine.LNX.4.03.10001051300300.7685-100000 at andru.sonoma.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-pups at minnie.cs.adfa.edu.au
Precedence: bulk

On Thu, 6 Jan 2000, Warren Toomey wrote:
[snip] 
> I might ask Dennis for the details. From memory, the binaries never got out
> of the Labs, and it would have been around the time of V6. Also from memory,
> this was the topic of Ken's speech when he won the Turing award. I wonder if
> the article is lying around somewhere.

http://www.acm.org/classics/sep95/

Andru
-- 
-------------------------------------------------------------------------- 
| Andru Luvisi                 | http://libweb.sonoma.edu/		 |
| Programmer/Analyst           |   Library Resources Online              | 
| Ruben Salazar Library        |-----------------------------------------| 
| Sonoma State University      | http://www.belleprovence.com/		 |
| luvisi at andru.sonoma.edu      |   Textile imports from Provence, France |
--------------------------------------------------------------------------


Received: (from major at localhost)
	by minnie.cs.adfa.edu.au (8.9.3/8.9.3) id IAA41348
	for pups-liszt; Thu, 6 Jan 2000 08:14:17 +1100 (EST)
Received: from wilkes.kp.net (wilkes.kp.net [207.44.21.1])
	by minnie.cs.adfa.edu.au (8.9.3/8.9.3) with ESMTP id IAA41344
	for <pups at minnie.cs.adfa.edu.au>; Thu, 6 Jan 2000 08:13:52 +1100 (EST)
Received: from localhost (jcapp at localhost)
	by wilkes.kp.net (8.9.3/8.9.3) with ESMTP id QAA11665;
	Wed, 5 Jan 2000 16:33:48 -0500
Date: Wed, 5 Jan 2000 16:33:48 -0500 (EST)
From: "J. Capp" <jcapp@wilkes.kp.net>
To: Warren Toomey <wkt at cs.adfa.edu.au>
cc: Unix Heritage Society <pups at minnie.cs.adfa.edu.au>
Subject: Re: Viral Unix Compiler
In-Reply-To: <200001052035.HAA24359 at henry.cs.adfa.edu.au>
Message-ID: <Pine.LNX.4.05.10001051618210.10423-100000 at wilkes.kp.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-pups at minnie.cs.adfa.edu.au
Precedence: bulk


On Thu, 6 Jan 2000, Warren Toomey wrote:

>
> I might ask Dennis for the details. From memory, the binaries never got out
> of the Labs, and it would have been around the time of V6. Also from memory,
> this was the topic of Ken's speech when he won the Turing award. I wonder if
> the article is lying around somewhere.
> 

Ken's speech "Reflections on Trusting Trust", was published in the
Communication of the ACM, Vol. 27, No. 8, August 1984.  It describes this
"trojan horse" in great detail.  But I do believe from this article that
it was an example of what could be done, not necessarily something that
was ever released into the hands of the public.

Jim Capp



Received: (from major at localhost)
	by minnie.cs.adfa.edu.au (8.9.3/8.9.3) id UAA48149
	for pups-liszt; Thu, 6 Jan 2000 20:09:45 +1100 (EST)
Received: from nose.cita.utoronto.ca (nose.cita.utoronto.ca [128.100.76.157])
	by minnie.cs.adfa.edu.au (8.9.3/8.9.3) with SMTP id UAA48145
	for <pups at minnie.cs.adfa.edu.au>; Thu, 6 Jan 2000 20:09:22 +1100 (EST)
From: norman@nose.cita.utoronto.ca
Message-Id: <200001060909.UAA48145 at minnie.cs.adfa.edu.au>
Subject: revisionism
To: pups at minnie.cs.adfa.edu.au
Date: Thu, 06 Jan 2000 04:08:52 -0500
Sender: owner-pups at minnie.cs.adfa.edu.au
Precedence: bulk

Tim Shoppa:
  This brings up a question: should fixes (and I mean fundamental fixes
  like Y2K ones) be incorporated back into the boot images in the archive, or
  should they be left in their "pristine" state?  (Yes, i know, some of
  those boot images aren't quite so pristine.)

I would argue strongly that the archive should contain absolutely pure
copies of any historic objects, whether they were proper distributions
or just snapshots like most of the older boot images.  It's important
to preserve accurate, unbowdlerized history; that is part of what we
should be doing.

There's nothing wrong with keeping fixed-up versions too, but but they
should be clearly distinguished from the historic originals.  (Perhaps
we could label them `ancient' and `primary platform'?)

Even using a CVS repository somehow doesn't feel kosher to me, though
that is probably silly as long as it is possible (and clear how) to
extract the unimproved original, and as long as the very original
distribution or dump tape or whatnot is kept around too so that future
archaeologists have the right thing to study.

Norman Wilson
684 Crawford Street, Toronto
(Formerly 696 Crawford Street before a renumbering in the 1950s;
I keep thinking of putting the old number up too.)

Received: (from major at localhost)
	by minnie.cs.adfa.edu.au (8.9.3/8.9.3) id UAA48301
	for pups-liszt; Thu, 6 Jan 2000 20:35:35 +1100 (EST)
Received: from nose.cita.utoronto.ca (nose.cita.utoronto.ca [128.100.76.157])
	by minnie.cs.adfa.edu.au (8.9.3/8.9.3) with SMTP id UAA48295
	for <pups at minnie.cs.adfa.edu.au>; Thu, 6 Jan 2000 20:35:13 +1100 (EST)
From: norman@nose.cita.utoronto.ca
Message-Id: <200001060935.UAA48295 at minnie.cs.adfa.edu.au>
Subject: Re: Viral Unix Compiler
To: pups at minnie.cs.adfa.edu.au
Date: Thu, 06 Jan 2000 04:34:51 -0500
Sender: owner-pups at minnie.cs.adfa.edu.au
Precedence: bulk

So far as I know (from conversations with insiders in the past), no system
was ever shipped out of Bell Labs with Ken's self-healing trojan horse in
login and the C compiler.  (For those who don't remember, both programs
were involved: login buggered so that a secret string was always accepted
as a valid password for any login; the compiler buggered to recognize when
compiling login or itself, and reinsert the buggery.  Hence one can remove
the buggered sources, but as long as the binaries remain, so will the bugs.)

Ken's Turing Award lecture doesn't say whether those programs were ever
shipped to the public.  He probably left it dangling on purpose, since
the point he is trying to make is that it isn't just code you have to trust,
but the programmer who wrote it; you cannot possibly know everything that's
going on inside unless you created everything involved, including compilers
and assemblers and the operating system.

Dennis's Turing Award lecture in the same issue of CACM is worth re-reading too,
especially for those who think that Open Source is a cure for the common
cold or that it was invented in the 1990s or 1980s.

Norman Wilson

Received: (from major at localhost)
	by minnie.cs.adfa.edu.au (8.9.3/8.9.3) id UAA48359
	for pups-liszt; Thu, 6 Jan 2000 20:45:36 +1100 (EST)
Received: from henry.cs.adfa.edu.au (henry.cs.adfa.edu.au [131.236.21.158])
	by minnie.cs.adfa.edu.au (8.9.3/8.9.3) with ESMTP id UAA48355
	for <pups at minnie.cs.adfa.edu.au>; Thu, 6 Jan 2000 20:45:17 +1100 (EST)
Received: (from wkt at localhost)
	by henry.cs.adfa.edu.au (8.9.2/8.9.3) id UAA35060
	for pups at minnie.cs.adfa.edu.au; Thu, 6 Jan 2000 20:45:17 +1100 (EST)
From: Warren Toomey <wkt@cs.adfa.edu.au>
Message-Id: <200001060945.UAA35060 at henry.cs.adfa.edu.au>
Subject: Re: CVS Repository for UNIX
In-Reply-To: <200001060909.UAA48145 at minnie.cs.adfa.edu.au> from "norman at nose.cita.utoronto.ca" at "Jan 6, 2000  4: 8:52 am"
To: pups at minnie.cs.adfa.edu.au (Unix Heritage Society)
Date: Thu, 6 Jan 2000 20:45:17 +1100 (EST)
Reply-To: wkt at cs.adfa.edu.au
X-Mailer: ELM [version 2.4ME+ PL43 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-pups at minnie.cs.adfa.edu.au
Precedence: bulk

In article by norman at nose.cita.utoronto.ca:
> I would argue strongly that the archive should contain absolutely pure
> copies of any historic objects, whether they were proper distributions
> or just snapshots like most of the older boot images.  It's important
> to preserve accurate, unbowdlerized history; that is part of what we
> should be doing.

I agree completely.
 
> Even using a CVS repository somehow doesn't feel kosher to me, though
> that is probably silly as long as it is possible (and clear how) to
> extract the unimproved original, and as long as the very original
> distribution or dump tape or whatnot is kept around too so that future
> archaeologists have the right thing to study.

With CVS you can tag releases, and so you can extract back from a known
release. You can have branches at various points too, and also merge
branches. However, it really needs a CVS guru to make it work properly.
And, of course, when we get to BSD, we should bring the existing
SCCS deltas into the CVS tree, too.

The CVS idea can be someone else's project :-)
 
	Warren

Received: (from major at localhost)
	by minnie.cs.adfa.edu.au (8.9.3/8.9.3) id AAA49218
	for pups-liszt; Fri, 7 Jan 2000 00:17:14 +1100 (EST)
Received: from timaxp.trailing-edge.com (timaxp.trailing-edge.com [63.73.218.130])
	by minnie.cs.adfa.edu.au (8.9.3/8.9.3) with SMTP id AAA49214
	for <PUPS at MINNIE.CS.ADFA.EDU.AU>; Fri, 7 Jan 2000 00:16:54 +1100 (EST)
Received: by timaxp.trailing-edge.com for PUPS at MINNIE.CS.ADFA.EDU.AU;
          Thu, 6 Jan 2000 8:16:41 -0500
Date: Thu, 6 Jan 2000 8:16:41 -0500
From: Tim Shoppa <SHOPPA@trailing-edge.com>
To: PUPS at minnie.cs.adfa.edu.au
Message-Id: <000106081641.202001e1 at trailing-edge.com>
Subject: Re: Viral Unix Compiler
Sender: owner-pups at minnie.cs.adfa.edu.au
Precedence: bulk

>So far as I know (from conversations with insiders in the past), no system
>was ever shipped out of Bell Labs with Ken's self-healing trojan horse in
>login and the C compiler.  (For those who don't remember, both programs
>were involved: login buggered so that a secret string was always accepted
>as a valid password for any login; the compiler buggered to recognize when
>compiling login or itself, and reinsert the buggery.  Hence one can remove
>the buggered sources, but as long as the binaries remain, so will the bugs.)
>
>Ken's Turing Award lecture doesn't say whether those programs were ever
>shipped to the public.  He probably left it dangling on purpose, since
>the point he is trying to make is that it isn't just code you have to trust,
>but the programmer who wrote it; you cannot possibly know everything that's
>going on inside unless you created everything involved, including compilers
>and assemblers and the operating system.

Perhaps Ken went even further and distributed buggered binaries of 'od'
as well (along with a 'cc' patch to re-insert the 'od' hole),
so those attempting to hand disassemble the code to *check* for
the existence of the security hole wouldn't find it.

The 'cc+login' hole is nice, sweet, and self-consistent.  Attempting
to patch all the other tools to make it impossible to find these holes
sounds incredibly more complicated.  Maybe it was just the way Ken
so clearly presented the "how to" lesson that makes anything I try to add
onto it sound incredibly awkward.

-- 
 Tim Shoppa                        Email: shoppa at trailing-edge.com
 Trailing Edge Technology          WWW:   http://www.trailing-edge.com/
 7328 Bradley Blvd		   Voice: 301-767-5917
 Bethesda, MD, USA 20817           Fax:   301-767-5927

Received: (from major at localhost)
	by minnie.cs.adfa.edu.au (8.9.3/8.9.3) id BAA49497
	for pups-liszt; Fri, 7 Jan 2000 01:25:03 +1100 (EST)
Received: from threedee.com (mail.threedee.com [209.83.65.10])
	by minnie.cs.adfa.edu.au (8.9.3/8.9.3) with ESMTP id BAA49487
	for <PUPS at minnie.cs.adfa.edu.au>; Fri, 7 Jan 2000 01:24:42 +1100 (EST)
Received: from winnie (winnie [192.198.5.13]) by threedee.com (8.7.5/8.7.3) with SMTP id IAA27249 for <PUPS at minnie.cs.adfa.edu.au>; Thu, 6 Jan 2000 08:24:27 -0600
Message-Id: <3.0.5.32.20000106082343.01638ec0 at pc>
X-Sender: jfoust at pc
X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32)
Date: Thu, 06 Jan 2000 08:23:43 -0600
To: PUPS at minnie.cs.adfa.edu.au
From: John Foust <jfoust@threedee.com>
Subject: Re: Viral Unix Compiler
In-Reply-To: <000106081641.202001e1 at trailing-edge.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-pups at minnie.cs.adfa.edu.au
Precedence: bulk


Has it ever been independently established that this viral 
version of the compiler ever actually existed, or was this 
just a parable about viral code?

- John