interesting

Open forum for security issues and info.
Forum rules
Any posts concerning pirated software or offering to buy/sell/trade commercial software are subject to removal.
User avatar
hamei
Posts: 10433
Joined: Tue Feb 24, 2004 4:10 pm
Location: over the rainbow

interesting

Unread postby hamei » Mon Apr 16, 2007 10:30 am

and it's well past april fool's day ...

http://www-128.ibm.com/developerworks/l ... clnx2.html

Source code reviews

Ken Thompson, one of the original creators of UNIX, discusses in Reflections on trusting trust a number of steps he took that managed to render source code useless for revealing a security issue.

First, he patched the login command to contain a back door that would let him log into any UNIX system with a certain password.

He then patched the C compiler to detect whenever the login command was being compiled. The C compiler would automatically insert the back door into the login program, so there was no need to keep the back door in the source of the login command.

Then, he modified the C compiler to detect when the C compiler itself was compiled from source and to automatically add the login-detection-and-patching code as well as the C-compiler-detection-and-patching code.

The result was a system where the source code did not contain any trace of a backdoor.

User avatar
kshuff
Posts: 2459
Joined: Sat Jan 08, 2005 8:13 pm
Location: Jonas, PA USA
Contact:

Unread postby kshuff » Mon Apr 16, 2007 11:05 am

Neat, now all we need to do is get the password out of him ;)
-ks

:Onyx: :Onyx: :Crimson: :O2000: :Onyx2: :Fuel: :Octane: :Octane2: :PI: :Indigo: :Indigo: :O2: :O2: :Indigo2: :Indigo2: :Indigo2IMP: :Indy: :320: :540: :O3x0: :1600SW: :1600SW: :hpserv:

See them all >here<

User avatar
nekonoko
Site Admin
Site Admin
Posts: 8145
Joined: Thu Jan 23, 2003 1:31 am
Location: Pleasanton, California
Contact:

Re: interesting

Unread postby nekonoko » Mon Apr 16, 2007 11:11 am

hamei wrote:Then, he modified the C compiler to detect when the C compiler itself was compiled from source and to automatically add the login-detection-and-patching code as well as the C-compiler-detection-and-patching code.


So the entire thing falls apart if you switch to another compiler. Obviously not an option back in the day when the entire UNIX tool chain pretty much came from him, but nowadays that would be rough to pull off :)
Twitter: @neko_no_ko
IRIX Release 4.0.5 IP12 Version 06151813 System V
Copyright 1987-1992 Silicon Graphics, Inc.
All Rights Reserved.

User avatar
VenomousPinecone
Posts: 2140
Joined: Mon Jun 20, 2005 2:10 pm
Location: Groom Lake, NV

Unread postby VenomousPinecone » Mon Apr 16, 2007 2:03 pm

Thats pretty cool. I like the concept.

nekonoko wrote:So the entire thing falls apart if you switch to another compiler.


So true, but I would imagine most production linux systems (what TFA was talking aboot) would only have gcc.

thisoldsgi
Posts: 89
Joined: Thu Oct 16, 2003 11:09 am
Location: Boston, Massachusetts

Unread postby thisoldsgi » Mon Apr 16, 2007 2:20 pm

VenomousPinecone wrote:So true, but I would imagine most production linux systems (what TFA was talking aboot) would only have gcc.

Actually, the hack described long predates Linux and gcc... these are the old, original Unix systems from pre-breakup AT&T which ran on PDP11's and the like, before 1984. gcc didn't exist until 1987, and Linus Torvalds started working on Linux in 1991.

The entire article by Thomson, "Reflections on Trusting Trust," is here:
http://www.acm.org/classics/sep95/
It's an entertaining read.

User avatar
toxygen
Posts: 318
Joined: Sat Jul 07, 2007 2:19 am
Location: Slovakia
Contact:

Re: interesting

Unread postby toxygen » Mon Jul 09, 2007 6:15 am

actually exactly this trick, but also many others were more deeply described in book Real World Linux Security by bob toxen (this is not an ad :)
:Indigo2IMP: :Octane: This post was typed using dvorak keyboard layout - http://www.dvzine.org

User avatar
shyouko
Posts: 262
Joined: Tue Nov 16, 2004 7:01 am
Location: Science & Technology Park, Hong Kong
Contact:

Re: interesting

Unread postby shyouko » Wed Aug 08, 2007 4:53 pm

Um... Guess now I should learn how not to trust my brain.

After all, its origin is unknown! :P

User avatar
jimmer
Donor
Donor
Posts: 464
Joined: Tue Oct 12, 2004 3:54 pm
Location: London, Ingerlund

Re: interesting

Unread postby jimmer » Sat Dec 15, 2007 10:47 am

shyouko wrote:Um... Guess now I should learn how not to trust my brain.

Sounds like you need to see the Lain anime series again....

:)


Return to “SGI: Security”

Who is online

Users browsing this forum: No registered users and 0 guests