This is FYI. No comment on whether it was a good idea or not. :-)
Arnold
> From: Niklas Rosencrantz <niklasro@gmail.com>
> Date: Sun, 19 Sep 2021 17:10:24 +0200
> To: tinycc-devel@nongnu.org
> Subject: Re: [Tinycc-devel] Can tcc compile itself with Apple M1?
>
>
> Hello!
>
> For demonstration purpose I put my experiment with a compiler backdoor in a
> public repository
> https://github.com/montao/ddc-tinyc/blob/857d927363e9c9aaa713bb20adbe99ded76ac615/tcc-evil/tinycc/libtcc.c#L989
>
> It's part of my academic project to work on provable compiler security.
> I tried to do it according to the "Reflections on Trusting Trust" by Ken
> Thompson, not only to show a compiler Trojan horse but also to prove that
> we can discover it.
> What it does is inject arbitrary code to the next version of the compiler
> and so on.
>
> Regards
>> For demonstration purpose I put my experiment with a compiler backdoor in a
>> public repository

>> It's part of my academic project to work on provable compiler security.

Sounds like excellent grounds for expulsion.

Whatever happened to the people who were submitting poison pull requests at U-Minnesota?
Al Kossow <aek@bitsavers.org> wrote:
> >> For demonstration purpose I put my experiment with a compiler backdoor in a
> >> public repository
>
> >> It's part of my academic project to work on provable compiler security.
>
> Sounds like excellent grounds for expulsion.
>
> Whatever happened to the people who were submitting poison pull requests at U-Minnesota?
>
Supposedly he's able to show that the compiler has been hacked.
-------- Original Message --------
On Sep 19, 2021, 8:58 AM, Al Kossow <aek@bitsavers.org> wrote:

>> For demonstration purpose I put my experiment with a compiler backdoor in a
>> public repository

>> It's part of my academic project to work on provable compiler security.

> Sounds like excellent grounds for expulsion.
>
> Whatever happened to the people who were submitting poison pull requests at U-Minnesota?

It's in his own fork, in a directory called tcc-evil. He's not exactly sneaking it into the distribution.

Calling it expulsion-worthy reminds me of the time a guy phoned the FBI because of an article he read in the NYT: Sandia Labs was running botnets in a virtualized environment! (Could the cluster route to the Internet? No, but he didn't know that, and he didn't care; only bad people have botnets)

john
> It's part of my academic project to work on provable compiler security.
> I tried to do it according to the "Reflections on Trusting Trust" by Ken
> Thompson, not only to show a compiler Trojan horse but also to prove that
> we can discover it.
Of course it can be discovered if you look for it. What was impressive about
the folks who got Thompson's compiler at PWB is that they found the horse
even though they weren't looking for it.
Then there was the first time Jim Reeds and I turned on integrity control in
IX, our multilevel-security version of Research Unix. When it reported a security
violation during startup we were sure it was a bug. But no, it had snagged Tom
Duff's virus in the act of replication. It surprised Tom as much as it did us,
because he thought he'd eradicated it.
Doug
On Sun, Sep 19, 2021 at 10:39:25PM -0400, Douglas McIlroy wrote:
> > It's part of my academic project to work on provable compiler security.
> > I tried to do it according to the "Reflections on Trusting Trust" by Ken
> > Thompson, not only to show a compiler Trojan horse but also to prove that
> > we can discover it.
>
> Of course it can be discovered if you look for it. What was impressive about
> the folks who got Thompson's compiler at PWB is that they found the horse
> even though they weren't looking for it.
>
> Then there was the first time Jim Reeds and I turned on integrity control in
> IX, our multilevel-security version of Research Unix. When it reported a security
> violation during startup we were sure it was a bug. But no, it had snagged Tom
> Duff's virus in the act of replication. It surprised Tom as much as it did us,
> because he thought he'd eradicated it.
>
> Doug

This is the first I've heard of Tom Duff's virus, what was that?
--
---
Larry McVoy lm at mcvoy.com http://www.mcvoy.com/lm
I think that’s the first time I’ve seen Gerrold’s When H.A.R.L.I.E was One cited alongside Shockwave Rider as anticipating computer viruses.

Since we’re saving each other searching today, here’s a link to the author’s page for anyone else who, like me, hasn’t read it and wants to.

https://www.gerrold.com/book/when-harlie-was-one/

d

> On 20 Sep 2021, at 13:05, jnc@mercury.lcs.mit.edu wrote:
>
> https://googlethatforyou.com/?q=Tom%20Duff%20Virus
>
> Noel
FYI that’s the 2nd modified version. The first version ends much differently. See the author note as to the background.

Earl

Sent from my iPhone

> On Sep 19, 2021, at 11:30 PM, David Arnold <davida@pobox.com> wrote:
>
> I think that’s the first time I’ve seen Gerrold’s When H.A.R.L.I.E was One cited alongside Shockwave Rider as anticipating computer viruses.
>
> Since we’re saving each other searching today, here’s a link to the author’s page for anyone else who, like me, hasn’t read it and wants to.
>
> https://www.gerrold.com/book/when-harlie-was-one/
>
> d
>
>> On 20 Sep 2021, at 13:05, jnc@mercury.lcs.mit.edu wrote:
>>
>> https://googlethatforyou.com/?q=Tom%20Duff%20Virus
>>
>> Noel
Btw he also wrote the famous Star Trek episode - The Trouble with Tribbles.

Earl

Sent from my iPhone

> On Sep 19, 2021, at 11:30 PM, David Arnold <davida@pobox.com> wrote:
>
> I think that’s the first time I’ve seen Gerrold’s When H.A.R.L.I.E was One cited alongside Shockwave Rider as anticipating computer viruses.
>
> Since we’re saving each other searching today, here’s a link to the author’s page for anyone else who, like me, hasn’t read it and wants to.
>
> https://www.gerrold.com/book/when-harlie-was-one/
>
> d
>
>> On 20 Sep 2021, at 13:05, jnc@mercury.lcs.mit.edu wrote:
>>
>> https://googlethatforyou.com/?q=Tom%20Duff%20Virus
>>
>> Noel
Douglas McIlroy <douglas.mcilroy@dartmouth.edu> wrote:
> > It's part of my academic project to work on provable compiler security.
> > I tried to do it according to the "Reflections on Trusting Trust" by Ken
> > Thompson, not only to show a compiler Trojan horse but also to prove that
> > we can discover it.
>
> Of course it can be discovered if you look for it. What was impressive about
> the folks who got Thompson's compiler at PWB is that they found the horse
> even though they weren't looking for it.
I had not heard this story. Can you elaborate, please? My impression from having
read the paper (a long time ago now) is that Ken did the experiment locally only.
Thanks,
Arnold
>> > It's part of my academic project to work on provable compiler security.
>> > I tried to do it according to the "Reflections on Trusting Trust" by Ken
>> > Thompson, not only to show a compiler Trojan horse but also to prove that
>> > we can discover it.
>>
>> Of course it can be discovered if you look for it. What was impressive about
>> the folks who got Thompson's compiler at PWB is that they found the horse
>> even though they weren't looking for it.

> I had not heard this story. Can you elaborate, please? My impression from having
> read the paper (a long time ago now) is that Ken did the experiment locally only.

Ken did it locally, but a vigilant person at PWB noticed there was an experimental
compiler on the research machine and grabbed it. While they weren't looking for
hidden stuff, they probably were trying to find what was new in the compiler. Ken
may know details about what they had in the way of source and binary.

Doug
pwb recompiled the compiler and it got 1 byte larger.
again, another byte. after that they played with it
until they broke the quine part. i am not sure that
if they ever realized what was going on.

the extra byte was my bug.

On Mon, Sep 20, 2021 at 4:58 AM Douglas McIlroy <douglas.mcilroy@dartmouth.edu> wrote:

> >> > It's part of my academic project to work on provable compiler security.
> >> > I tried to do it according to the "Reflections on Trusting Trust" by Ken
> >> > Thompson, not only to show a compiler Trojan horse but also to prove that
> >> > we can discover it.
> >>
> >> Of course it can be discovered if you look for it. What was impressive about
> >> the folks who got Thompson's compiler at PWB is that they found the horse
> >> even though they weren't looking for it.
>
> > I had not heard this story. Can you elaborate, please? My impression from having
> > read the paper (a long time ago now) is that Ken did the experiment locally only.
>
> Ken did it locally, but a vigilant person at PWB noticed there was an experimental
> compiler on the research machine and grabbed it. While they weren't looking for
> hidden stuff, they probably were trying to find what was new in the compiler. Ken
> may know details about what they had in the way of source and binary.
>
> Doug
My recollection is that Larry Wehr ran nm on the compiler, possibly in response to the extra-byte quirk, and found a subroutine reference with no appearance in the source. If Ken hadn't kept the code so modular, they might never have noticed.

On Mon, Sep 20, 2021 at 9:53 AM Ken Thompson <kenbob@gmail.com> wrote:

> pwb recompiled the compiler and it got 1 byte larger.
> again, another byte. after that they played with it
> until they broke the quine part. i am not sure that
> if they ever realized what was going on.
>
> the extra byte was my bug.
>
> On Mon, Sep 20, 2021 at 4:58 AM Douglas McIlroy <douglas.mcilroy@dartmouth.edu> wrote:
>
>> >> > It's part of my academic project to work on provable compiler security.
>> >> > I tried to do it according to the "Reflections on Trusting Trust" by Ken
>> >> > Thompson, not only to show a compiler Trojan horse but also to prove that
>> >> > we can discover it.
>> >>
>> >> Of course it can be discovered if you look for it. What was impressive about
>> >> the folks who got Thompson's compiler at PWB is that they found the horse
>> >> even though they weren't looking for it.
>>
>> > I had not heard this story. Can you elaborate, please? My impression from having
>> > read the paper (a long time ago now) is that Ken did the experiment locally only.
>>
>> Ken did it locally, but a vigilant person at PWB noticed there was an experimental
>> compiler on the research machine and grabbed it. While they weren't looking for
>> hidden stuff, they probably were trying to find what was new in the compiler. Ken
>> may know details about what they had in the way of source and binary.
>>
>> Doug
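
The two signals recalled in this thread, a compiler that grows on each self-recompile and an `nm` symbol with no appearance in the source, can be checked mechanically. The following is an added example, not code from the list or from anyone in the thread; the `nm` listing, the source text, the symbol names (including `match_login`) and the sizes are all constructed.

```python
import re

# Constructed sample: `nm` output for a compiler binary (not from a real build).
NM_OUTPUT = """\
0000000000001130 T main
0000000000001250 T parse_decl
00000000000013a0 T gen_code
0000000000001510 t emit_insn
0000000000001600 T match_login
                 U printf
0000000000004010 D opt_level
"""

# Constructed sample: the compiler source as a reviewer would read it.
SOURCE = """
int opt_level;
static void emit_insn(int op) { printf("%d\\n", op); }
void gen_code(void) { emit_insn(1); }
void parse_decl(void) { gen_code(); }
int main(void) { parse_decl(); return 0; }
"""

def defined_symbols(nm_text):
    """Return {name: type} for symbols the binary itself defines."""
    syms = {}
    for line in nm_text.splitlines():
        parts = line.split()
        # Undefined (U) entries have no address column; skip weak/debug types too.
        if len(parts) == 3 and parts[1] not in "UwvN":
            syms[parts[2]] = parts[1]
    return syms

def unexplained_symbols(nm_text, source_text, allow=()):
    """Defined symbols whose name never occurs as an identifier in the source.
    `allow` is for runtime/startup symbols the toolchain is known to add."""
    idents = set(re.findall(r"[A-Za-z_]\w*", source_text))
    return sorted(s for s in defined_symbols(nm_text)
                  if s not in idents and s not in allow)

def size_drift(sizes):
    """Byte deltas between successive self-compiled generations.
    A compiler that has reached a fixed point yields only zeros."""
    return [b - a for a, b in zip(sizes, sizes[1:])]

if __name__ == "__main__":
    print(unexplained_symbols(NM_OUTPUT, SOURCE))
    print(size_drift([48212, 48213, 48214]))
```

On a real binary the first check needs an allow-list built from a known-good toolchain, since startup and library code contribute symbols that the compiler's own source never names.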