The Unix Heritage Society mailing list
 help / color / mirror / Atom feed
From: Douglas McIlroy <douglas.mcilroy@dartmouth.edu>
To: TUHS main list <tuhs@minnie.tuhs.org>
Subject: [TUHS] Thompson trojan put into practice
Date: Mon, 20 Sep 2021 07:57:02 -0400	[thread overview]
Message-ID: <CAKH6PiVEHTfmdpz2iPwm1oSoL2r15WGfEU6xAdE60wq0xubWfw@mail.gmail.com> (raw)

>> > It's part of my academic project to work on provable compiler security.
>> > I tried to do it according to the "Reflections on Trusting Trust" by Ken
>> > Thompson, not only to show a compiler Trojan horse but also to prove that
>> > we can discover it.
>>
>> Of course it can be discovered if you look for it. What was impressive about
>> the folks who got Thompson's compiler at PWB is that they found the horse
>> even though they weren't looking for it.

> I had not heard this story. Can you elaborate, please? My impression from having
> read the paper (a long time ago now) is that Ken did the experiment locally only.

Ken did it locally, but a vigilant person at PWB noticed there was an
experimental
compiler on the research machine and grabbed it. While they weren't looking for
hidden stuff, they probably were trying to find what was new in the
compiler. Ken
may know details about what they had in the way of source and binary.

Doug

             reply	other threads:[~2021-09-20 11:58 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-09-20 11:57 Douglas McIlroy [this message]
2021-09-20 13:51 ` Ken Thompson
2021-09-20 14:35   ` John P. Linderman
2021-09-20 14:48 ` [TUHS] On UNIX Trojans Ron Natalie
  -- strict thread matches above, loose matches on Subject: below --
2021-09-20  3:04 [TUHS] Thompson trojan put into practice Noel Chiappa
2021-09-20  3:21 ` David Arnold
2021-09-20  4:35   ` Earl Baugh
2021-09-20  4:36   ` Earl Baugh
2021-09-20  2:39 Douglas McIlroy
2021-09-20  2:50 ` Larry McVoy
2021-09-20  7:12 ` arnold
2021-09-19 15:46 arnold
2021-09-19 15:58 ` Al Kossow
2021-09-19 16:02   ` arnold
2021-09-19 16:10   ` John Floren

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAKH6PiVEHTfmdpz2iPwm1oSoL2r15WGfEU6xAdE60wq0xubWfw@mail.gmail.com \
    --to=douglas.mcilroy@dartmouth.edu \
    --cc=tuhs@minnie.tuhs.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).