Path: utzoo!utgpu!jarvis.csri.toronto.edu!rutgers!cs.utexas.edu!uunet!tci!kempf
From: kempf@tci.UUCP (Cory Kempf)
Newsgroups: comp.unix.wizards
Subject: Re: UNIX and viruses
Message-ID: <276@tci.UUCP>
Date: 16 Jun 89 20:17:05 GMT
References: <16655@rpp386.Dallas.TX.US> <8800020@gistdev>
Reply-To: kempf@tci.UUCP (Cory Kempf)
Organization: Technology Concepts, Inc. Sudbury Mass.
Lines: 23

In article <8800020@gistdev> flint@gistdev.UUCP writes:
>
>Having the sources to the compiler won't help much: the person who wrote
>the backdoor can have it sitting right there in the code and you probably
>won't know it.  (Yes, if you take the time to figure out what the code is
>doing, for every line of the code, but who is going to do that?  

There is a paper titled "On Trusting Trust", written by Dennis Ritchie
(or was it Ken Thompson? oh well, the two were back to back).  

He brings up some interesting idea about how to insert a bug into
a compiler... As a quick summary, even going through the source
line by line won't help... 

I highly recomend the paper... 
+C


-- 
Cory Kempf		Technology Concepts
40 Tall Pine Dr.	uucp:	{anywhere}!uunet!tci!kempf, kempf@tci.uu.net
Sudbury MA 01776	phone:	(508) 443-7311 x341
DISCLAIMER: TCI is not responsible for my opinions, nor I for theirs