The Unix Heritage Society mailing list
 help / color / mirror / Atom feed
* [TUHS] Thompson trojan put into practice
@ 2021-09-20  2:39 Douglas McIlroy
  2021-09-20  2:50 ` Larry McVoy
  2021-09-20  7:12 ` arnold
  0 siblings, 2 replies; 14+ messages in thread
From: Douglas McIlroy @ 2021-09-20  2:39 UTC (permalink / raw)
  To: TUHS main list

> It's part of my academic project to work on provable compiler security.
> I tried to do it according to the "Reflections on Trusting Trust" by Ken
> Thompson, not only to show a compiler Trojan horse but also to prove that
> we can discover it.

Of course it can be discovered if you look for it. What was impressive about
the folks who got Thompson's compiler at PWB is that they found the horse
even though they weren't looking for it.

Then there was the first time Jim Reeds and I turned on integrity control in
IX, our multilevel-security version of Research Unix. When it reported
a security
violation during startup we were sure it was a bug. But no, it had snagged Tom
Duff's virus in the act of replication. It surprised Tom as much as it did us,
because he thought he'd eradicated it.

Doug

^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [TUHS] Thompson trojan put into practice
  2021-09-20  2:39 [TUHS] Thompson trojan put into practice Douglas McIlroy
@ 2021-09-20  2:50 ` Larry McVoy
  2021-09-20  7:12 ` arnold
  1 sibling, 0 replies; 14+ messages in thread
From: Larry McVoy @ 2021-09-20  2:50 UTC (permalink / raw)
  To: Douglas McIlroy; +Cc: TUHS main list

On Sun, Sep 19, 2021 at 10:39:25PM -0400, Douglas McIlroy wrote:
> > It's part of my academic project to work on provable compiler security.
> > I tried to do it according to the "Reflections on Trusting Trust" by Ken
> > Thompson, not only to show a compiler Trojan horse but also to prove that
> > we can discover it.
> 
> Of course it can be discovered if you look for it. What was impressive about
> the folks who got Thompson's compiler at PWB is that they found the horse
> even though they weren't looking for it.
> 
> Then there was the first time Jim Reeds and I turned on integrity control in
> IX, our multilevel-security version of Research Unix. When it reported
> a security
> violation during startup we were sure it was a bug. But no, it had snagged Tom
> Duff's virus in the act of replication. It surprised Tom as much as it did us,
> because he thought he'd eradicated it.
> 
> Doug

This is the first I've heard of Tom Duff's virus, what was that?
-- 
---
Larry McVoy            	     lm at mcvoy.com             http://www.mcvoy.com/lm 

^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [TUHS] Thompson trojan put into practice
  2021-09-20  2:39 [TUHS] Thompson trojan put into practice Douglas McIlroy
  2021-09-20  2:50 ` Larry McVoy
@ 2021-09-20  7:12 ` arnold
  1 sibling, 0 replies; 14+ messages in thread
From: arnold @ 2021-09-20  7:12 UTC (permalink / raw)
  To: tuhs, douglas.mcilroy

Douglas McIlroy <douglas.mcilroy@dartmouth.edu> wrote:

> > It's part of my academic project to work on provable compiler security.
> > I tried to do it according to the "Reflections on Trusting Trust" by Ken
> > Thompson, not only to show a compiler Trojan horse but also to prove that
> > we can discover it.
>
> Of course it can be discovered if you look for it. What was impressive about
> the folks who got Thompson's compiler at PWB is that they found the horse
> even though they weren't looking for it.

I had not heard this story. Can you elaborate, please? My impression from having
read the paper (a long time ago now) is that Ken did the experiment locally only.

Thanks,

Arnold

^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [TUHS] Thompson trojan put into practice
  2021-09-20 13:51 ` Ken Thompson
@ 2021-09-20 14:35   ` John P. Linderman
  0 siblings, 0 replies; 14+ messages in thread
From: John P. Linderman @ 2021-09-20 14:35 UTC (permalink / raw)
  To: Ken Thompson; +Cc: TUHS main list, Douglas McIlroy

[-- Attachment #1: Type: text/plain, Size: 1693 bytes --]

My recollection is that Larry Wehr ran nm on the compiler, possibly in
response to the extra-byte quirk, and found a subroutine reference with no
appearance in the source. If Ken hadn't kept the code so modular, they
might never have noticed.

On Mon, Sep 20, 2021 at 9:53 AM Ken Thompson <kenbob@gmail.com> wrote:

>
> pwb recompiled the compiler and it got 1 byte larger.
> again, another byte. after that they played with it
> until they broke the quine part. i am not sure that
> if they ever realized what was going on.
>
> the extra byte was my bug.
>
>
> On Mon, Sep 20, 2021 at 4:58 AM Douglas McIlroy <
> douglas.mcilroy@dartmouth.edu> wrote:
>
>> >> > It's part of my academic project to work on provable compiler
>> security.
>> >> > I tried to do it according to the "Reflections on Trusting Trust" by
>> Ken
>> >> > Thompson, not only to show a compiler Trojan horse but also to prove
>> that
>> >> > we can discover it.
>> >>
>> >> Of course it can be discovered if you look for it. What was impressive
>> about
>> >> the folks who got Thompson's compiler at PWB is that they found the
>> horse
>> >> even though they weren't looking for it.
>>
>> > I had not heard this story. Can you elaborate, please? My impression
>> from having
>> > read the paper (a long time ago now) is that Ken did the experiment
>> locally only.
>>
>> Ken did it locally, but a vigilant person at PWB noticed there was an
>> experimental
>> compiler on the research machine and grabbed it. While they weren't
>> looking for
>> hidden stuff, they probably were trying to find what was new in the
>> compiler. Ken
>> may know details about what they had in the way of source and binary.
>>
>> Doug
>>
>

[-- Attachment #2: Type: text/html, Size: 2503 bytes --]

^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [TUHS] Thompson trojan put into practice
  2021-09-20 11:57 Douglas McIlroy
@ 2021-09-20 13:51 ` Ken Thompson
  2021-09-20 14:35   ` John P. Linderman
  0 siblings, 1 reply; 14+ messages in thread
From: Ken Thompson @ 2021-09-20 13:51 UTC (permalink / raw)
  To: Douglas McIlroy; +Cc: TUHS main list

[-- Attachment #1: Type: text/plain, Size: 1326 bytes --]

pwb recompiled the compiler and it got 1 byte larger.
again, another byte. after that they played with it
until they broke the quine part. i am not sure that
if they ever realized what was going on.

the extra byte was my bug.


On Mon, Sep 20, 2021 at 4:58 AM Douglas McIlroy <
douglas.mcilroy@dartmouth.edu> wrote:

> >> > It's part of my academic project to work on provable compiler
> security.
> >> > I tried to do it according to the "Reflections on Trusting Trust" by
> Ken
> >> > Thompson, not only to show a compiler Trojan horse but also to prove
> that
> >> > we can discover it.
> >>
> >> Of course it can be discovered if you look for it. What was impressive
> about
> >> the folks who got Thompson's compiler at PWB is that they found the
> horse
> >> even though they weren't looking for it.
>
> > I had not heard this story. Can you elaborate, please? My impression
> from having
> > read the paper (a long time ago now) is that Ken did the experiment
> locally only.
>
> Ken did it locally, but a vigilant person at PWB noticed there was an
> experimental
> compiler on the research machine and grabbed it. While they weren't
> looking for
> hidden stuff, they probably were trying to find what was new in the
> compiler. Ken
> may know details about what they had in the way of source and binary.
>
> Doug
>

[-- Attachment #2: Type: text/html, Size: 1834 bytes --]

^ permalink raw reply	[flat|nested] 14+ messages in thread

* [TUHS] Thompson trojan put into practice
@ 2021-09-20 11:57 Douglas McIlroy
  2021-09-20 13:51 ` Ken Thompson
  0 siblings, 1 reply; 14+ messages in thread
From: Douglas McIlroy @ 2021-09-20 11:57 UTC (permalink / raw)
  To: TUHS main list

>> > It's part of my academic project to work on provable compiler security.
>> > I tried to do it according to the "Reflections on Trusting Trust" by Ken
>> > Thompson, not only to show a compiler Trojan horse but also to prove that
>> > we can discover it.
>>
>> Of course it can be discovered if you look for it. What was impressive about
>> the folks who got Thompson's compiler at PWB is that they found the horse
>> even though they weren't looking for it.

> I had not heard this story. Can you elaborate, please? My impression from having
> read the paper (a long time ago now) is that Ken did the experiment locally only.

Ken did it locally, but a vigilant person at PWB noticed there was an
experimental
compiler on the research machine and grabbed it. While they weren't looking for
hidden stuff, they probably were trying to find what was new in the
compiler. Ken
may know details about what they had in the way of source and binary.

Doug

^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [TUHS] Thompson trojan put into practice
  2021-09-20  3:21 ` David Arnold
  2021-09-20  4:35   ` Earl Baugh
@ 2021-09-20  4:36   ` Earl Baugh
  1 sibling, 0 replies; 14+ messages in thread
From: Earl Baugh @ 2021-09-20  4:36 UTC (permalink / raw)
  To: David Arnold; +Cc: tuhs, jnc

[-- Attachment #1: Type: text/plain, Size: 723 bytes --]

Btw he also wrote the famous Star Trek episode - The Trouble with Tribbles. 

Earl 

Sent from my iPhone

> On Sep 19, 2021, at 11:30 PM, David Arnold <davida@pobox.com> wrote:
> 
> I think that’s the first time I’ve seen Gerrold’s When H.A.R.L.I.E was One cited alongside Shockwave Rider as anticipating computer viruses.
> 
> Since we’re saving each other searching today, here’s a link to the author’s page for anyone else who, like me, hasn’t read it and wants to. 
> 
> https://www.gerrold.com/book/when-harlie-was-one/
> 
> 
> 
> 
> d
> 
>>> On 20 Sep 2021, at 13:05, jnc@mercury.lcs.mit.edu wrote:
>>> 
>> https://googlethatforyou.com/?q=Tom%20Duff%20Virus
>> 
>>    Noel

[-- Attachment #2: Type: text/html, Size: 1470 bytes --]

^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [TUHS] Thompson trojan put into practice
  2021-09-20  3:21 ` David Arnold
@ 2021-09-20  4:35   ` Earl Baugh
  2021-09-20  4:36   ` Earl Baugh
  1 sibling, 0 replies; 14+ messages in thread
From: Earl Baugh @ 2021-09-20  4:35 UTC (permalink / raw)
  To: David Arnold; +Cc: tuhs, jnc

[-- Attachment #1: Type: text/plain, Size: 772 bytes --]

FYI that’s the 2nd modified version. 
The first version ends much differently.  See tha author note as to the background. 

Earl 

Sent from my iPhone

> On Sep 19, 2021, at 11:30 PM, David Arnold <davida@pobox.com> wrote:
> 
> I think that’s the first time I’ve seen Gerrold’s When H.A.R.L.I.E was One cited alongside Shockwave Rider as anticipating computer viruses.
> 
> Since we’re saving each other searching today, here’s a link to the author’s page for anyone else who, like me, hasn’t read it and wants to. 
> 
> https://www.gerrold.com/book/when-harlie-was-one/
> 
> 
> 
> 
> d
> 
>>> On 20 Sep 2021, at 13:05, jnc@mercury.lcs.mit.edu wrote:
>>> 
>> https://googlethatforyou.com/?q=Tom%20Duff%20Virus
>> 
>>    Noel

[-- Attachment #2: Type: text/html, Size: 1538 bytes --]

^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [TUHS] Thompson trojan put into practice
  2021-09-20  3:04 Noel Chiappa
@ 2021-09-20  3:21 ` David Arnold
  2021-09-20  4:35   ` Earl Baugh
  2021-09-20  4:36   ` Earl Baugh
  0 siblings, 2 replies; 14+ messages in thread
From: David Arnold @ 2021-09-20  3:21 UTC (permalink / raw)
  To: jnc; +Cc: tuhs

[-- Attachment #1: Type: text/plain, Size: 503 bytes --]

I think that’s the first time I’ve seen Gerrold’s When H.A.R.L.I.E was One cited alongside Shockwave Rider as anticipating computer viruses.

Since we’re saving each other searching today, here’s a link to the author’s page for anyone else who, like me, hasn’t read it and wants to. 

https://www.gerrold.com/book/when-harlie-was-one/




d

> On 20 Sep 2021, at 13:05, jnc@mercury.lcs.mit.edu wrote:
> 
> https://googlethatforyou.com/?q=Tom%20Duff%20Virus
> 
>    Noel

[-- Attachment #2: Type: text/html, Size: 1033 bytes --]

^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [TUHS] Thompson trojan put into practice
@ 2021-09-20  3:04 Noel Chiappa
  2021-09-20  3:21 ` David Arnold
  0 siblings, 1 reply; 14+ messages in thread
From: Noel Chiappa @ 2021-09-20  3:04 UTC (permalink / raw)
  To: tuhs

https://googlethatforyou.com/?q=Tom%20Duff%20Virus

	Noel

^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [TUHS] Thompson trojan put into practice
  2021-09-19 15:58 ` Al Kossow
  2021-09-19 16:02   ` arnold
@ 2021-09-19 16:10   ` John Floren
  1 sibling, 0 replies; 14+ messages in thread
From: John Floren @ 2021-09-19 16:10 UTC (permalink / raw)
  To: aek, tuhs

[-- Attachment #1: Type: text/plain, Size: 817 bytes --]

-------- Original Message --------
On Sep 19, 2021, 8:58 AM, Al Kossow < aek@bitsavers.org> wrote:
>> For demonstration purpose I put my experiment with a compiler backdoor in a
>> public repository
>> It's part of my academic project to work on provable compiler security.
Sounds like excellent grounds for expulsion.
Whatever happened to the people who were submitting poison pull requests at U-Minnesota?

It's in his own fork, in a directory called tcc-evil. He's not exactly sneaking it into the distribution. Calling it expulsion-worthy reminds me of the time a guy phoned the FBI because of an article he read in the NYT: Sandia Labs was running botnets in a virtualized environment! (Could the cluster route to the Internet? No, but he didn't know that, and he didn't care; only bad people have botnets)

john

[-- Attachment #2: Type: text/html, Size: 875 bytes --]

^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [TUHS] Thompson trojan put into practice
  2021-09-19 15:58 ` Al Kossow
@ 2021-09-19 16:02   ` arnold
  2021-09-19 16:10   ` John Floren
  1 sibling, 0 replies; 14+ messages in thread
From: arnold @ 2021-09-19 16:02 UTC (permalink / raw)
  To: tuhs, aek

Al Kossow <aek@bitsavers.org> wrote:

> >> For demonstration purpose I put my experiment with a compiler backdoor in a
> >> public repository
>
> >> It's part of my academic project to work on provable compiler security.
>
> Sounds like excellent grounds for expulsion.
>
> Whatever happened to the people who were submitting poison pull requests at U-Minnesota?
>

Supposedly he's able to show that the compiler has been hacked.

^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [TUHS] Thompson trojan put into practice
  2021-09-19 15:46 arnold
@ 2021-09-19 15:58 ` Al Kossow
  2021-09-19 16:02   ` arnold
  2021-09-19 16:10   ` John Floren
  0 siblings, 2 replies; 14+ messages in thread
From: Al Kossow @ 2021-09-19 15:58 UTC (permalink / raw)
  To: tuhs

>> For demonstration purpose I put my experiment with a compiler backdoor in a
>> public repository

>> It's part of my academic project to work on provable compiler security.

Sounds like excellent grounds for expulsion.

Whatever happened to the people who were submitting poison pull requests at U-Minnesota?



^ permalink raw reply	[flat|nested] 14+ messages in thread

* [TUHS] Thompson trojan put into practice
@ 2021-09-19 15:46 arnold
  2021-09-19 15:58 ` Al Kossow
  0 siblings, 1 reply; 14+ messages in thread
From: arnold @ 2021-09-19 15:46 UTC (permalink / raw)
  To: tuhs

This is FYI. No comment on whether it was a good idea or not. :-)

Arnold

> From: Niklas Rosencrantz <niklasro@gmail.com>
> Date: Sun, 19 Sep 2021 17:10:24 +0200
> To: tinycc-devel@nongnu.org
> Subject: Re: [Tinycc-devel] Can tcc compile itself with Apple M1?
>
>
> Hello!
>
> For demonstration purpose I put my experiment with a compiler backdoor in a
> public repository
> https://github.com/montao/ddc-tinyc/blob/857d927363e9c9aaa713bb20adbe99ded76ac615/tcc-evil/tinycc/libtcc.c#L989
>
> It's part of my academic project to work on provable compiler security.
> I tried to do it according to the "Reflections on Trusting Trust" by Ken
> Thompson, not only to show a compiler Trojan horse but also to prove that
> we can discover it.
> What it does is inject arbitrary code to the next version of the compiler
> and so on.
>
> Regards \n

^ permalink raw reply	[flat|nested] 14+ messages in thread

end of thread, other threads:[~2021-09-20 14:36 UTC | newest]

Thread overview: 14+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-09-20  2:39 [TUHS] Thompson trojan put into practice Douglas McIlroy
2021-09-20  2:50 ` Larry McVoy
2021-09-20  7:12 ` arnold
  -- strict thread matches above, loose matches on Subject: below --
2021-09-20 11:57 Douglas McIlroy
2021-09-20 13:51 ` Ken Thompson
2021-09-20 14:35   ` John P. Linderman
2021-09-20  3:04 Noel Chiappa
2021-09-20  3:21 ` David Arnold
2021-09-20  4:35   ` Earl Baugh
2021-09-20  4:36   ` Earl Baugh
2021-09-19 15:46 arnold
2021-09-19 15:58 ` Al Kossow
2021-09-19 16:02   ` arnold
2021-09-19 16:10   ` John Floren

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).