Re: OT: Reruns...

Tue, 04 Aug 2009 00:09:00 -0700 

On 3 Aug 2009 at 19:52, Peter van Houten  wrote:

> Considering that the list is a bit slow today; for those that missed it
> the first time it passed through the list, this is still up there with
> the better ideas/pieces of code ever written. Any other offers?
> 
> http://ge.ecomagination.com/smartgrid/#/augmented_reality

One of the best pieces of code ever written IMHO is the original C compiler for 
Unix.  The author, Ken Thompson, added code to the compiler to recognize when 
it was compiling the "login" command, and to insert the binary code for a back 
door in "login" that would let him in even if the back door was not in the 
source code being compiled.  He then rewrote the compiler to recognize that it 
was compiling itself, and to add back the binary code to add the back door to 
the login command.  He then changed the source code to the C compiler to remove 
evidence that he had done this, and then recompiled the compiler binary.  The 
compiler source had no evidence this had been done, but this gave him a back 
door into every Unix system that was built based on this C compiler.

Documented here:

------- Included Stuff Follows ------- 
ACM Classic: Reflections on Trusting Trust

    The moral is obvious. You can't trust code that you did not totally create 
    yourself. (Especially code from companies that employ people like me.) No 
    amount of source-level verification or scrutiny will protect you from 
    using untrusted code. In demonstrating the possibility of this kind of 
    attack, I picked on the C compiler. I could have picked on any program-
    handling program such as an assembler, a loader, or even hardware 
    microcode. As the level of program gets lower, these bugs will be harder 
    and harder to detect. A well installed microcode bug will be almost 
    impossible to detect. 

--------- Included Stuff Ends ---------
More here with links:
    http://cm.bell-labs.com/who/ken/trust.html


--
Angus Scott-Fleming
GeoApps, Tucson, Arizona
1-520-290-5038
+-----------------------------------+




~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

Reply via email to