Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!know!samsung!zaphod.mps.ohio-state.edu!sunybcs!dsinc!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw
From: VALDIS@VTVM1.CC.VT.EDU (Valdis Kletnieks)
Newsgroups: comp.virus
Subject: Re: other ways for viral injection ?
Message-ID: <0006.9007251734.AA25443@ubu.cert.sei.cmu.edu>
Date: 25 Jul 90 16:59:49 GMT
Sender: Virus Discussion List
Lines: 42
Approved: krvw@sei.cmu.edu

>Date: 24 Jul 90 13:42:46 +0000
>From: lath@geocub.greco-prog.fr (Laurent Lathieyre)
>Subject: other ways for viral injection ?
>...
>
> Likewise, have some Trojan horses been discovered in some
>operating systems? I wonder if operating systems shouldn't
>preferably be delivered in source form rather than in
>compiled form...

Even source form is not foolproof.... Consider the following (due to either (I think) Thompson or Ritchie, I forget which):

(/bin/login is the Unix login processor, /bin/cc is the C compiler)

They took the source for /bin/login, put in a trapdoor. They recompile, then put the old source back. OK.. Backdoor installed, but it goes away the next time you recompile /bin/login.

Step two: You modify /bin/cc to recognize when it is compiling /bin/login (takes a lot of context-sensitive matching, but can be done). Have it insert the code you want at the appropriate point. Now we have a clean source for /bin/login, that regenerates when you recompile it. However, recompiling the C compiler, and then recompiling /bin/login removes it.

Step 3: You modify /bin/cc some more, to (a) insert the /bin/login modification and (b) insert itself if recompiling /bin/cc (i.e. a self-replicating modification). You then put in a *clean* version of the cc and login sources, and recompile EVERYTHING. The sources all look OK, and every time you recompile /bin/login, the trapdoor is inserted, and every time you recompile /bin/cc, the code to INSERT the trapdoor is inserted.

The only way to recover from this is to restore the C compiler from a backup tape, and recompile everything... The citation went on to say that they actually DID these changes to the C compiler, just to see if they were doable. No version was ever released to the outside world, but the NSA was bidding for Unix systems and there was great temptation....

Valdis Kletnieks
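A toy model of the three steps and of the remedy named in the post, added here as an illustration; it is not part of the original post nor of the experiment it describes. The `Binary` record, `compile_src`, `rebuild_everything`, `compiler_is_clean` and the two source strings are all constructed for this example: a "binary" is just a record of the behaviours it carries, and the check compares what a suspect compiler and a trusted (backup-tape) compiler each produce from the same clean compiler source.

```python
from __future__ import annotations
from dataclasses import dataclass

# Constructed toy model: a "binary" records the behaviours it carries, and a
# compiler binary is one such record whose `injector` flag marks the step-3 cc.
@dataclass(frozen=True)
class Binary:
    name: str
    trapdoor: bool = False   # login accepts the secret password
    injector: bool = False   # cc inserts the trapdoor, and itself, into its targets

# Clean sources: neither mentions a trapdoor or an injector.
CLEAN_LOGIN_SRC = "login: check password against /etc/passwd"
CLEAN_CC_SRC = "cc: translate C source to machine code"

def compile_src(cc: Binary, name: str, source: str) -> Binary:
    """Compile `source` with compiler binary `cc` and return the resulting binary."""
    # Faithful translation: the binary does exactly what the source says (step 1).
    trapdoor = "TRAPDOOR" in source
    injector = "INJECT" in source
    # Step-3 compiler: recognises its targets by their content (the post's
    # context-sensitive matching), so a clean source makes no difference.
    if cc.injector:
        if source.startswith("login:"):
            trapdoor = True     # (a) insert the /bin/login modification
        if source.startswith("cc:"):
            injector = True     # (b) insert itself into the new /bin/cc
    return Binary(name, trapdoor, injector)

def rebuild_everything(cc: Binary) -> tuple[Binary, Binary]:
    """Recompile cc from clean source with `cc`, then login with the new cc."""
    new_cc = compile_src(cc, "cc", CLEAN_CC_SRC)
    return new_cc, compile_src(new_cc, "login", CLEAN_LOGIN_SRC)

def compiler_is_clean(suspect: Binary, trusted: Binary) -> bool:
    """Check: a suspect compiler and a trusted one (the backup-tape copy) must
    produce identical binaries from the same clean cc source."""
    return compile_src(suspect, "cc", CLEAN_CC_SRC) == compile_src(trusted, "cc", CLEAN_CC_SRC)

if __name__ == "__main__":
    backup_cc = Binary("cc")               # restored from tape, never modified
    bad_cc = Binary("cc", injector=True)   # the step-3 compiler
    for _ in range(3):                     # clean rebuilds do not remove it
        bad_cc, login = rebuild_everything(bad_cc)
        print("rebuilt with bad cc, login trapdoor:", login.trapdoor)
    print("bad cc passes check:", compiler_is_clean(bad_cc, backup_cc))
    good_cc, login = rebuild_everything(backup_cc)
    print("rebuilt from backup, login trapdoor:", login.trapdoor)
```

Running it shows the trapdoor surviving every clean rebuild under the compromised compiler, the check flagging that compiler, and the rebuild from the backup copy producing a clean login.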