From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org
X-Spam-Level: 
X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED,
	MAILING_LIST_MULTI autolearn=ham autolearn_force=no version=3.4.4
Received: (qmail 5308 invoked from network); 26 Oct 2023 01:56:05 -0000
Received: from minnie.tuhs.org (2600:3c01:e000:146::1)
  by inbox.vuxu.org with ESMTPUTF8; 26 Oct 2023 01:56:05 -0000
Received: from minnie.tuhs.org (localhost [IPv6:::1])
	by minnie.tuhs.org (Postfix) with ESMTP id 813944027D;
	Thu, 26 Oct 2023 11:55:55 +1000 (AEST)
Received: from mail-pj1-x102b.google.com (mail-pj1-x102b.google.com [IPv6:2607:f8b0:4864:20::102b])
	by minnie.tuhs.org (Postfix) with ESMTPS id 89FBB4027A
	for <tuhs@tuhs.org>; Thu, 26 Oct 2023 11:55:45 +1000 (AEST)
Received: by mail-pj1-x102b.google.com with SMTP id 98e67ed59e1d1-27d292d38c0so289473a91.1
        for <tuhs@tuhs.org>; Wed, 25 Oct 2023 18:55:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=swtch.com; s=google; t=1698285344; x=1698890144; darn=tuhs.org;
        h=to:subject:message-id:date:from:mime-version:from:to:cc:subject
         :date:message-id:reply-to;
        bh=DMKQZ+Rec2sP4DKi8yiP05ObM0QpEHowUI1JwjAasrw=;
        b=EIFpdj0Me3TTM46Sg1xsdbpuz3wV+ZOwY1hA01zdTnlAFDgsyBhdG+aGn9noSFOMnM
         YyXFZFRmW9Rpd6D0voGUMC8l/eYhGaeHcFQuhKbD658NVjdAr8Eqfv5Ldc/vEo1eY/d8
         gewzGIyxuzd+ClAvPZFGqLdO18++/qbC7bG1ZEfzK+oyvqCdyzzsDlPniykXr2KDqgb9
         ro1pKx1oy2xnqbuU3FwViRVrNcRA9kAwgr5l5BPbcvXa4rd7GZ0OuvGL9mQmQ6jpsrfM
         Hd+hHcHOoqjKmrEPsoTBCXIb8OJ59auQGgdp+3q8WYB8LrDKJ3BCiJH6SCd7uWUaa050
         b0bw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1698285344; x=1698890144;
        h=to:subject:message-id:date:from:mime-version:x-gm-message-state
         :from:to:cc:subject:date:message-id:reply-to;
        bh=DMKQZ+Rec2sP4DKi8yiP05ObM0QpEHowUI1JwjAasrw=;
        b=qDI5Olj92xJzuMaCw/EiRnW0u88Da83EiVoL3HYs8zWUw4ChuycJcIauEqD+PxNIxR
         ZLVXLImYgnXX1WufTdF5PhOB2mZhDpGzANNSXc1i5j48Z3q3Lc79OwwItBHTOXmbTohS
         VwSVu1Z9/pVz9ayefVoRKoLTUhItbT4YMHuGItGXQcqwHMS3zlGcpggkVKHX7U/rr4uj
         aP0Shpi6WAfRADy1SKNGzHCD1PrFYnGtHxvJMcA9CbwGG4l0WWRJAyhLn+2Uqa8PH3N4
         7yBTCYJAztG9Iy4ZI9xj4IPnVLJaRp8bYtPiaf73WktqvRuAE8q1cTf+o+UB2mr9Kjlv
         o+hg==
X-Gm-Message-State: AOJu0YxRIzYK0i6j1bQG5aMrsKj6xvSg9nMO6QjWkr+uzTJ0mh6Yc+VH
	Bp/gPRE6abPdMyEvJlVEx82PCyPfQor6QGae/xYUimNWecXy0h6DnG8x
X-Google-Smtp-Source: AGHT+IHELMzcHJoDWF/ckHUk1MPC88PjB3PbJjHJ8hixLur0SIiuMmPPAULg4+MgpcXNUVMHoV5inP6dOqrEzIFuU2M=
X-Received: by 2002:a17:90b:1916:b0:27c:f905:d6d0 with SMTP id
 mp22-20020a17090b191600b0027cf905d6d0mr13305679pjb.24.1698285344184; Wed, 25
 Oct 2023 18:55:44 -0700 (PDT)
MIME-Version: 1.0
From: Russ Cox <rsc@swtch.com>
Date: Wed, 25 Oct 2023 21:55:33 -0400
Message-ID: <CADSkJJWwQxgt6rUFFn3SOuc+B+WpD1rm_eseSRsgW31UYMkMbA@mail.gmail.com>
To: tuhs@tuhs.org
Content-Type: text/plain; charset="UTF-8"
Message-ID-Hash: SH6ZRKYTTRHCO62ANEJKY4KFE5POVJST
X-Message-ID-Hash: SH6ZRKYTTRHCO62ANEJKY4KFE5POVJST
X-MailFrom: rsc@swtch.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.6b1
Precedence: list
Subject: [TUHS] trusting trust code
List-Id: The Unix Heritage Society mailing list <tuhs.tuhs.org>
Archived-At: <https://www.tuhs.org/mailman3/hyperkitty/list/tuhs@tuhs.org/message/SH6ZRKYTTRHCO62ANEJKY4KFE5POVJST/>
List-Archive: <https://www.tuhs.org/mailman3/hyperkitty/list/tuhs@tuhs.org/>
List-Help: <mailto:tuhs-request@tuhs.org?subject=help>
List-Owner: <mailto:tuhs-owner@tuhs.org>
List-Post: <mailto:tuhs@tuhs.org>
List-Subscribe: <mailto:tuhs-join@tuhs.org>
List-Unsubscribe: <mailto:tuhs-leave@tuhs.org>

Hi all,

Ken mailed me the code for the compiler backdoor.
I have annotated it and posted it at https://research.swtch.com/nih.

As part of the post, I wrote a new simulator that can run V6 binaries.
The simulator is a halfway point between the designs of simh and apout.
It is running a translation of the V6 kernel to Go (with no hardware)
and running user binaries on a simulated PDP11 CPU. The result combines
apout's "easy to run" with simh's "v6-specific system calls work".
In particular, it is good enough to run the backdoored login command,
which apout simply cannot due to host OS tty handling not being like V6,
and without having to fuss with disk pack images like in simh.

If you have Go installed locally, you can run the new simulator with
    go run rsc.io/unix/v6run@latest
You can also run it in your browser at https://research.swtch.com/v6.

Finally, it turns out that the backdoor code was published this summer
in the TUHS archive, but no one noticed. It is in dmr_tapes.tgz [1] in the file
dmr_tapes/ken-sky/tp/nih.a. It is also visible in the dmr_tapes/ken/bits
tape image, although not in the extracted files.

Enjoy!

Best,
Russ

[1] https://www.tuhs.org/Archive/Applications/Dennis_Tapes/