I have been asked to audit some source code to see if the programmer inserted a backdoor. (The code processes input from general users, and has access to the bits that control the privilege levels of those users, so backdoors are quite possible.) The question I have is what obscure techniques should I be on the lookout for. Besides the obvious /* Begin backdoor code */ of course. :-) The code is in ANSI C.
Cheers - Bill ------------------------------------------------------------------------- Bill Frantz | The principal effect of| Periwinkle -- Consulting (408)356-8506 | DMCA/SDMI is to prevent| 16345 Englewood Ave. [EMAIL PROTECTED] | fair use. | Los Gatos, CA 95032, USA
