From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-1.1 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,FREEMAIL_FROM,HTML_MESSAGE,MAILING_LIST_MULTI autolearn=ham autolearn_force=no version=3.4.4 Received: (qmail 31704 invoked from network); 20 Sep 2021 13:53:03 -0000 Received: from minnie.tuhs.org (45.79.103.53) by inbox.vuxu.org with ESMTPUTF8; 20 Sep 2021 13:53:03 -0000 Received: by minnie.tuhs.org (Postfix, from userid 112) id DC9FC9C9DC; Mon, 20 Sep 2021 23:53:00 +1000 (AEST) Received: from minnie.tuhs.org (localhost [127.0.0.1]) by minnie.tuhs.org (Postfix) with ESMTP id 8934A9C8DF; Mon, 20 Sep 2021 23:52:24 +1000 (AEST) Authentication-Results: minnie.tuhs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="Z5Sxwz2h"; dkim-atps=neutral Received: by minnie.tuhs.org (Postfix, from userid 112) id 3455A9C8DF; Mon, 20 Sep 2021 23:52:20 +1000 (AEST) Received: from mail-lf1-f51.google.com (mail-lf1-f51.google.com [209.85.167.51]) by minnie.tuhs.org (Postfix) with ESMTPS id 51B5B9C8DB for ; Mon, 20 Sep 2021 23:52:19 +1000 (AEST) Received: by mail-lf1-f51.google.com with SMTP id p29so67349124lfa.11 for ; Mon, 20 Sep 2021 06:52:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=9ybpBvCpBixx4VNcSPxBCPArsl/uN99ujba87KbI29o=; b=Z5Sxwz2hdJx2Z4qyYYnP66dHELozW1dvyqv/yyvx3b6BdeM2UFFnBw/DNTntT7L/bv ehsuXHvvEUFUsjqqBjWbNSmEo7+ipd8g7MsES4acuLqGU9X5CYDCluKu9EdGbUinmxRr VALEd6FiZmGoLsaU/7dJl2zjvzs8ADUjvfDAM6ZllvA65CEL6ILldelXBc4SGQ1rZcXC dTO43eaVdQPKsQ+INIGJeBDMLaBqKCcMlGFA22oGsteS/yRQ9hNOXDVn33L/Ob6Ttpxv CW+qU+yvPJ5MzZdlHxqWZij7PklJLarSZByJZ/TuanG7Py8Cul8jV44rsKGNNAUTV9Ss 0ttA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=9ybpBvCpBixx4VNcSPxBCPArsl/uN99ujba87KbI29o=; b=RvPq4Ptyf/G6PpDodzwxBr/ibM2V5UE3+u4dVB0ANNFljMihw+RNwiXRJOrrQCkc3N hrfmghsdTF4h2E2el3Nhd2Ufu5nRkHJAkVmgIrWdYsQ9La4jUFPFbX5lwpmsbURlUPLs N85ywGVfnaVgHaAjU2OYUTof2K7PpY0Vurk253vG+I2pyb0NLxfchQLKk9iSzXH3Etrs j6THtHg3BfuA+jytVcRahXAgnE7YbLDORU/ekh0Sldfh68Xj/SGRn7nIIhP3bzuWva1S 138+4YaBH8eM6vcaenq6BtbKfBBvprWXkL53joxzYh3W1/oY7pMQh6YsnUv/6K8LVlGX kiKA== X-Gm-Message-State: AOAM532HlwfKY8zoYuq9d35l46vEHNUdMNOCidT3ODmmjyaCq3cUfP4V pjBXGbehwdojXCIjASr5S3IKuGPIux6kQChHG0b4jYc7 X-Google-Smtp-Source: ABdhPJy9ebPME1R3gKGkWPzmgPtn/yKlS3TQSpw5Q/2Z/gk10L0kQcxQmafkwRTUu3rlwJkP53vOppRba1Zu4bbdbkY= X-Received: by 2002:a2e:83ca:: with SMTP id s10mr23112265ljh.335.1632145912126; Mon, 20 Sep 2021 06:51:52 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Ken Thompson Date: Mon, 20 Sep 2021 06:51:40 -0700 Message-ID: To: Douglas McIlroy Content-Type: multipart/alternative; boundary="00000000000050628605cc6d9531" Subject: Re: [TUHS] Thompson trojan put into practice X-BeenThere: tuhs@minnie.tuhs.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: The Unix Heritage Society mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: TUHS main list Errors-To: tuhs-bounces@minnie.tuhs.org Sender: "TUHS" --00000000000050628605cc6d9531 Content-Type: text/plain; charset="UTF-8" pwb recompiled the compiler and it got 1 byte larger. again, another byte. after that they played with it until they broke the quine part. i am not sure that if they ever realized what was going on. the extra byte was my bug. On Mon, Sep 20, 2021 at 4:58 AM Douglas McIlroy < douglas.mcilroy@dartmouth.edu> wrote: > >> > It's part of my academic project to work on provable compiler > security. > >> > I tried to do it according to the "Reflections on Trusting Trust" by > Ken > >> > Thompson, not only to show a compiler Trojan horse but also to prove > that > >> > we can discover it. > >> > >> Of course it can be discovered if you look for it. What was impressive > about > >> the folks who got Thompson's compiler at PWB is that they found the > horse > >> even though they weren't looking for it. > > > I had not heard this story. Can you elaborate, please? My impression > from having > > read the paper (a long time ago now) is that Ken did the experiment > locally only. > > Ken did it locally, but a vigilant person at PWB noticed there was an > experimental > compiler on the research machine and grabbed it. While they weren't > looking for > hidden stuff, they probably were trying to find what was new in the > compiler. Ken > may know details about what they had in the way of source and binary. > > Doug > --00000000000050628605cc6d9531 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable

pwb recompiled the compiler and it got 1 byte lar= ger.
again, another byte. after that they played with it
until they broke the quine part. i am not sure that
if they eve= r realized what was going on.

the extra byte was m= y bug.


On Mon, Sep 20, 2021 at 4:58 AM Douglas McIlroy = <douglas.mcilroy@dartmo= uth.edu> wrote:
>> > It's part of my academic project to work on provab= le compiler security.
>> > I tried to do it according to the "Reflections on Trusti= ng Trust" by Ken
>> > Thompson, not only to show a compiler Trojan horse but also t= o prove that
>> > we can discover it.
>>
>> Of course it can be discovered if you look for it. What was impres= sive about
>> the folks who got Thompson's compiler at PWB is that they foun= d the horse
>> even though they weren't looking for it.

> I had not heard this story. Can you elaborate, please? My impression f= rom having
> read the paper (a long time ago now) is that Ken did the experiment lo= cally only.

Ken did it locally, but a vigilant person at PWB noticed there was an
experimental
compiler on the research machine and grabbed it. While they weren't loo= king for
hidden stuff, they probably were trying to find what was new in the
compiler. Ken
may know details about what they had in the way of source and binary.

Doug
--00000000000050628605cc6d9531--