Newsgroups: alt.sys.pdp10,alt.folklore.computers,comp.lang.lisp,alt.os.multics
Path: cantaloupe.srv.cs.cmu.edu!rochester!udel!gatech!swrinde!pipex!insignia!blackdeath.isltd.insignia.com!rich
From: R!ch <rich@isltd.insignia.com>
Subject: Re: Thompson's login Trojan Horse [was: Re: Retro-Computing!] 
In-Reply-To: <3n0hac$j2s@crcnis3.unl.edu> 
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-ID: <Pine.OSF.3.91.950418162432.366A-100000@blackdeath.isltd.insignia.com>
Sender: news@isltd.insignia.com (Usenet News)
Nntp-Posting-Host: blackdeath.isltd.insignia.com
Organization: Insignia Solutions Ltd
References: <D5yxwn.5BG@sdf.saomai.org> <WGD.95Apr17091443@martigny.ai.mit.edu> <3mulpf$pte@xcalibur.IntNet.net> <WGD.95Apr17215015@martigny.ai.mit.edu> <D78EvB.Aon@bonkers.taronga.com> <3n0hac$j2s@crcnis3.unl.edu> 
Mime-Version: 1.0
Date: Tue, 18 Apr 1995 15:30:15 GMT
Lines: 42

On 18 Apr 1995, jhesse wrote:

> Peter da Silva (peter@bonkers.taronga.com) wrote:
> : In article <WGD.95Apr17215015@martigny.ai.mit.edu>,
> : Bill Dubuque <wgd@zurich.ai.mit.edu> wrote:
> : >"The actual bug I planted in the compiler would match code in 
> : >the UNIX "login" command..."
> 
> : I always heard he implemented it but didn't distribute it.
> 
> What did "it" do?

From what I can remember this is what it did:

Ken Thomson hacked the login program to recognise him, and to always let him
in (as root?), even if he didn't have an account on the machine.  He reasoned
that someone might suss what was going on, so he also hacked the C compiler to
recognise that it was compiling the login source, and to re-insert his trojan
horse code.

Fine, but what happens if someone sees the source to the modified compiler,
deletes the offending code, and *then* recompiles login?  Easy - he also
modified the compiler to recognise that it was compiling itself, and it patch
itself to do the login hack.  Once this version of the compiler existed, he
could delete (or hide) the hacked compiler source, and without lots of
careful grovelling, no-one would be any the wiser to the hack.

Real life, or just folklore?  I dunno, but it sure sounds like a neat hack.  :-)

---
R!ch

If it ain't analogue, it ain't music.
#include <disclaimer.h>                      \\|// - ?
                                             (o o)
          /==============================oOOo=(_)=oOOo=====\
          |  Richard Teer         rich@isltd.insignia.com  |
          |  Insignia Solutions                            |
          |                           Voice: 01494 453409  |
          |                           Fax:   01494 459720  |
          \================================================/

