getting around Ken Thompson's compiler Trojan
From: Chris Marshall (christopherlmarshall@yahoo.com)
Date: 01/22/03
- Next message: Richard Caley: "Re: privacy on Unix-servers"
- Previous message: phn@icke-reklam.ipsec.nu: "Re: privacy on Unix-servers"
- Next in thread: Casper H.S. ***: "Re: getting around Ken Thompson's compiler Trojan"
- Reply: Casper H.S. ***: "Re: getting around Ken Thompson's compiler Trojan"
- Reply: Alun Jones: "Re: getting around Ken Thompson's compiler Trojan"
- Reply: stanislav shalunov: "Re: getting around Ken Thompson's compiler Trojan"
- Reply: Alan J Rosenthal: "Re: getting around Ken Thompson's compiler Trojan"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: christopherlmarshall@yahoo.com (Chris Marshall) Date: 22 Jan 2003 13:11:08 -0800
I was discussing Thompson's famous compiler/login trojan recently and
suggested the following procedure for getting around such attacks.
Can anyone poke any holes in this?

Let's assume that your copy of gcc has a Thompson-like trojan in it,
and that the source code for gcc is clean (uncorrupted). When
recompiling the clean source with the dirty (trojan-carrying) binary,
you produce a dirty binary.

First, write a program to obfuscate the source code of any other program
by randomizing the variable and function names, as well as the names
of the source code files.

Use the corrupted gcc to build the obfuscated gcc. The "am I compiling
the compiler?" code in the corrupted gcc won't detect that it is
compiling the compiler and will produce an uncorrupted binary of the
compiler.

Then use the new clean compiler (with the obfuscated symbol table)
to build the clean gcc source, and you will have an uncorrupted,
unobfuscated binary of the compiler which, when fed the clean gcc
source, reproduces itself exactly.

Now, of course, if you knew exactly how I was obfuscating a program,
you might be able to come up with a way to detect when you were
compiling a compiler that worked on obfuscated source. If I knew
your detection algorithm, though, I could change my obfuscation
algorithm to defeat you. My sense is that obfuscation is easier
than detection, although I don't know how you would prove such
a thing.

I think the relevant point here is that it is much easier to
write an obfuscating program than a compiler, and certainly much
easier than scrutinizing the assembly code of a compiler.
Chris Marshall
christopherlmarshall@yahoo.com
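A toy model of the procedure in the post, added here as an illustration and not code from the post or from any real compiler: it simulates a compiler whose trojan recognises the compiler source by a function name, runs the obfuscate-then-rebuild steps, and also tries the stronger shape-based detector the post anticipates, which renaming alone does not defeat. The compiler source, the fingerprint checks and every identifier are constructed assumptions.

```python
import re
import secrets
from dataclasses import dataclass
from typing import Callable, Optional

# Toy model of the trusting-trust scenario and of the obfuscate-then-rebuild
# procedure above. Programs are strings; a "binary" records the source it was
# built from and, if the building compiler planted the self-propagating trojan,
# the trojan's "am I compiling the compiler?" test. Everything is constructed.

COMPILER_SRC = "int compile_program(char *src) { return parse(src); }"
IDENT = re.compile(r"\b[A-Za-z_]\w*\b")
C_KEYWORDS = {"int", "char", "void", "return"}

@dataclass
class Binary:
    source: str
    trojan: Optional[Callable[[str], bool]] = None  # None means clean

def name_fingerprint(src: str) -> bool:
    # Recognises the compiler by a function name: the check that renaming defeats.
    return "compile_program" in src

def shape_fingerprint(src: str) -> bool:
    # Recognises the compiler by its token shape with identifiers blanked out:
    # the stronger detector the post anticipates, which renaming does not defeat.
    canon = lambda s: IDENT.sub(lambda m: m.group(0) if m.group(0) in C_KEYWORDS else "ID", s)
    return canon(src) == canon(COMPILER_SRC)

def compile_with(cc: Binary, src: str) -> Binary:
    # A trojaned compiler copies its trojan into any output it takes for the
    # compiler; everything else it compiles faithfully, as a clean one does.
    if cc.trojan is not None and cc.trojan(src):
        return Binary(src, cc.trojan)
    return Binary(src)

def obfuscate(src: str) -> str:
    # Consistently rename every non-keyword identifier to a random token.
    names: dict = {}
    def rename(m):
        w = m.group(0)
        return w if w in C_KEYWORDS else names.setdefault(w, "v_" + secrets.token_hex(4))
    return IDENT.sub(rename, src)

def bootstrap(dirty_cc: Binary, clean_src: str) -> Binary:
    # The post's two steps: the dirty compiler builds the obfuscated source,
    # then that (clean) binary builds the clean, unobfuscated source.
    stage1 = compile_with(dirty_cc, obfuscate(clean_src))
    return compile_with(stage1, clean_src)
```

With the name-based trojan, `bootstrap` yields a clean compiler that reproduces itself from the clean source; with the shape-based trojan, the obfuscated source is still recognised and the trojan survives both steps.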