Re: getting around Ken Thompson's compiler Trojan

From: Richard Caley (MYFIRSTNAME@MYLASTNAME.org.uk)
Date: 01/28/03

• Next message: Barry Margolin: "Re: getting around Ken Thompson's compiler Trojan"
• Previous message: Barry Margolin: "Re: getting around Ken Thompson's compiler Trojan"
• In reply to: Barry Margolin: "Re: getting around Ken Thompson's compiler Trojan"
• Next in thread: Barry Margolin: "Re: getting around Ken Thompson's compiler Trojan"
• Reply: Barry Margolin: "Re: getting around Ken Thompson's compiler Trojan"
• Reply: Alan J Rosenthal: "Re: getting around Ken Thompson's compiler Trojan"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: Richard Caley <MYFIRSTNAME@MYLASTNAME.org.uk>
Date: Tue, 28 Jan 2003 10:42:01 GMT

In article <EokZ9.19$1R3.680@paloalto-snr1.gtei.net>, Barry Margolin (bm) writes:

bm> BTW, not only does the compiler have to recognize itself, but it also has
bm> to recognize the login program, so it can reinsert the backdoor.

The little nerd who lives in my head is jumping up and down and making
me post the fact that recognising the compiler is almost certainly an
undecidable problem.

We now return you to our regularly scheduled real world.

In the real world, we only need to cope with the current compiler and
known class of obfuscators. Either you'd be making a shotgun attack on
many machines, in which case some will use obfuscators you can fool
(just as some will have unpatched SQL servers), or you are
concentrating on a desired target, in which case you can look and see
what is going on.

Of course, the real trick is to trojan the obfucator along with the
compiler and login.:-)

-- 
Mail me as MYFIRSTNAME@MYLASTNAME.org.uk        _O_
                                                 |<

---

• Next message: Barry Margolin: "Re: getting around Ken Thompson's compiler Trojan"
• Previous message: Barry Margolin: "Re: getting around Ken Thompson's compiler Trojan"
• In reply to: Barry Margolin: "Re: getting around Ken Thompson's compiler Trojan"
• Next in thread: Barry Margolin: "Re: getting around Ken Thompson's compiler Trojan"
• Reply: Barry Margolin: "Re: getting around Ken Thompson's compiler Trojan"
• Reply: Alan J Rosenthal: "Re: getting around Ken Thompson's compiler Trojan"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Inside an FBI Computer Forensics Lab ... How do you know that your compiler isn't compromised in such a way ... and to compromise that compiler as well. ... If you think such a thing cannot happen to an open Source OS, ... Like, perhaps, a backdoor that will ... (alt.privacy) RE: Re[2]: Solaris telnet vulnberability - how many on your network? ... I like that tautologie, "real backdoors", what makes a backdoor more ... simply the fact that it gives back door access? ... generates "special code" when it recognises it is compiling ... so you think about auditting the code that makes up the compiler.. ... (Bugtraq) Re: Green Hills CEO: Linux threat to free world! ... > recognize when it was compiling login, and generate the backdoor. ... > login recognizer/backdoor generator and the compiler recognizer code. ... There was no sore thumb. ... (comp.arch.embedded) Re: Re[2]: Solaris telnet vulnberability - how many on your network? ... I like that tautologie, "real backdoors", what makes a backdoor more ... so you think about auditting the code that makes up the compiler.. ... experience in computer security. ... general not a back door. ... (Bugtraq) Re: Bootstrapping ANSI CL ... actually - defeating with 100% certainty Ken Thompson's microcode ... When compiling a C compiler, this backdoor is easy to implement, so you ... bootstrap code and verify the memory on the target hardware with a hardware ... (comp.lang.lisp)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > comp.security.unix  > 2003-01