I read some stuff like cm bell labs but i couldn't get it all. How does it work really? What is the logic in that?
Asked
Active
Viewed 2.4k times
1 Answers
35
Reflections on Trusting Trust is a lecture by Ken Thompson in which he explains the hack. Briefly:
- he hacked
/bin/loginto introduce a backdoor. - he did this by hacking the compiler to introduce the backdoor into a binary whenever it detected that it was compiling the
loginsource code. - he also hacked the compiler to introduce the backdoor-producing code into the compiler whenever it detected it was compiling that.
His point was that you might think "I don't trust this binary, I'll build it from source" but now you're in a state of recursive paranoia. If you don't trust the binary, why do you trust the compiler binary? You don't, so you build the compiler: but why do you trust the compiler binary to produce a trustworthy compiler?