From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-1.0 required=5.0 tests=MAILING_LIST_MULTI autolearn=ham autolearn_force=no version=3.4.4 Received: (qmail 21889 invoked from network); 20 Sep 2021 02:51:04 -0000 Received: from minnie.tuhs.org (45.79.103.53) by inbox.vuxu.org with ESMTPUTF8; 20 Sep 2021 02:51:04 -0000 Received: by minnie.tuhs.org (Postfix, from userid 112) id 415599CA33; Mon, 20 Sep 2021 12:51:02 +1000 (AEST) Received: from minnie.tuhs.org (localhost [127.0.0.1]) by minnie.tuhs.org (Postfix) with ESMTP id 35ECE9C8E1; Mon, 20 Sep 2021 12:50:40 +1000 (AEST) Received: by minnie.tuhs.org (Postfix, from userid 112) id 7A2A39C8DC; Mon, 20 Sep 2021 12:50:36 +1000 (AEST) Received: from mcvoy.com (mcvoy.com [192.169.23.250]) by minnie.tuhs.org (Postfix) with ESMTPS id B1A3E9C8DB for ; Mon, 20 Sep 2021 12:50:35 +1000 (AEST) Received: by mcvoy.com (Postfix, from userid 3546) id 4048E35E1B8; Sun, 19 Sep 2021 19:50:35 -0700 (PDT) Date: Sun, 19 Sep 2021 19:50:35 -0700 From: Larry McVoy To: Douglas McIlroy Message-ID: <20210920025035.GI7551@mcvoy.com> References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.24 (2015-08-30) Subject: Re: [TUHS] Thompson trojan put into practice X-BeenThere: tuhs@minnie.tuhs.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: The Unix Heritage Society mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: TUHS main list Errors-To: tuhs-bounces@minnie.tuhs.org Sender: "TUHS" On Sun, Sep 19, 2021 at 10:39:25PM -0400, Douglas McIlroy wrote: > > It's part of my academic project to work on provable compiler security. > > I tried to do it according to the "Reflections on Trusting Trust" by Ken > > Thompson, not only to show a compiler Trojan horse but also to prove that > > we can discover it. > > Of course it can be discovered if you look for it. What was impressive about > the folks who got Thompson's compiler at PWB is that they found the horse > even though they weren't looking for it. > > Then there was the first time Jim Reeds and I turned on integrity control in > IX, our multilevel-security version of Research Unix. When it reported > a security > violation during startup we were sure it was a bug. But no, it had snagged Tom > Duff's virus in the act of replication. It surprised Tom as much as it did us, > because he thought he'd eradicated it. > > Doug This is the first I've heard of Tom Duff's virus, what was that? -- --- Larry McVoy lm at mcvoy.com http://www.mcvoy.com/lm