Re: getting around Ken Thompson's compiler Trojan

From: Barry Margolin (barmar@genuity.net)
Date: 01/28/03

• Next message: Richard Caley: "Re: getting around Ken Thompson's compiler Trojan"
• Previous message: Alan J Rosenthal: "Re: getting around Ken Thompson's compiler Trojan"
• In reply to: Alan J Rosenthal: "Re: getting around Ken Thompson's compiler Trojan"
• Next in thread: Richard Caley: "Re: getting around Ken Thompson's compiler Trojan"
• Reply: Richard Caley: "Re: getting around Ken Thompson's compiler Trojan"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: Barry Margolin <barmar@genuity.net>
Date: Tue, 28 Jan 2003 00:45:24 GMT

In article <b14bib$tqk$1@atlas.dgp.toronto.edu>,
Alan J Rosenthal <flaps@dgp.toronto.edu> wrote:
>If you know the "is this the compiler" algorithm, you can come up with a
>transformation on the compiler source code which fools it. It needn't be as
>sophisticated as a general-purpose obfuscator.
>
>If you _don't_ know the "is this the compiler" algorithm, you _can't_ come
>up with a transformation on the compiler source code which is guaranteed to
>fool it, said transformation being your obfuscator or any other algorithm
>or hand-implemented tweak.

And if you can make an educated guess of the algorithm, you have a good
shot at coming up with a transformation.

BTW, not only does the compiler have to recognize itself, but it also has
to recognize the login program, so it can reinsert the backdoor.

-- 
Barry Margolin, barmar@genuity.net
Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.

---

• Next message: Richard Caley: "Re: getting around Ken Thompson's compiler Trojan"
• Previous message: Alan J Rosenthal: "Re: getting around Ken Thompson's compiler Trojan"
• In reply to: Alan J Rosenthal: "Re: getting around Ken Thompson's compiler Trojan"
• Next in thread: Richard Caley: "Re: getting around Ken Thompson's compiler Trojan"
• Reply: Richard Caley: "Re: getting around Ken Thompson's compiler Trojan"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: getting around Ken Thompsons compiler Trojan ... transformation on the compiler source code which fools it. ... said transformation being your obfuscator or any other algorithm ... (comp.security.unix) Fast Generators of Incomplete Solutions for Prime Queens ... problem are described and implemented in Scheme: queens-prime, ... The queens-prime algorithm ... include the following constraint in our set of constraints: ... For example the following transformation produces a set of ... (comp.lang.scheme) Re: JSH: Binary quadratic Diophantines ... refers to the transformation of a quadratic equation in two variables ... Step 2 algorithm solves the simpler form. ... that Diophantine equations ARE special in various ways. ... But the world will not know until someone does the math. ... (sci.physics) REPOST: Identity as Mathematical and Computer Theory- resolver ... A curve as the third order function is to be written, ... So to test the function an algorithm to symbolically ... A transformation of number order to the function's ... or number order detector demonstrated. ... (sci.crypt) REPOST: Identity as Mathematical and Computer Theory- resolver ... So to test the function an algorithm to symbolically ... A transformation of number order to the function's ... computer theory for cryptographic application. ... or number order detector demonstrated. ... (sci.crypt)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > comp.security.unix  > 2003-01