Niiiiice. -sc
> -----Original Message----- > From: Angus Scott-Fleming [mailto:[email protected]] > Sent: Tuesday, August 04, 2009 3:09 AM > To: NT System Admin Issues > Subject: Re: OT: Reruns... > > On 3 Aug 2009 at 19:52, Peter van Houten wrote: > > > Considering that the list is a bit slow today; for those that missed > it > > the first time it passed through the list, this is still up there > with > > the better ideas/pieces of code ever written. Any other offers? > > > > http://ge.ecomagination.com/smartgrid/#/augmented_reality > > One of the best pieces of code ever written IMHO is the original C > compiler for > Unix. The author, Ken Thompson, added code to the compiler to > recognize when > it was compiling the "login" command, and to insert the binary code for > a back > door in "login" that would let him in even if the back door was not in > the > source code being compiled. He then rewrote the compiler to recognize > that it > was compiling itself, and to add back the binary code to add the back > door to > the login command. He then changed the source code to the C compiler > to remove > evidence that he had done this, and then recompiled the compiler > binary. The > compiler source had no evidence this had been done, but this gave him a > back > door into every Unix system that was built based on this C compiler. > > Documented here: > > ------- Included Stuff Follows ------- > ACM Classic: Reflections on Trusting Trust > > The moral is obvious. You can't trust code that you did not totally > create > yourself. (Especially code from companies that employ people like > me.) No > amount of source-level verification or scrutiny will protect you > from > using untrusted code. In demonstrating the possibility of this kind > of > attack, I picked on the C compiler. I could have picked on any > program- > handling program such as an assembler, a loader, or even hardware > microcode. As the level of program gets lower, these bugs will be > harder > and harder to detect. A well installed microcode bug will be almost > impossible to detect. > > --------- Included Stuff Ends --------- > More here with links: > http://cm.bell-labs.com/who/ken/trust.html > > > -- > Angus Scott-Fleming > GeoApps, Tucson, Arizona > 1-520-290-5038 > +-----------------------------------+ > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
