Path: utzoo!attcan!uunet!husc6!think!ames!oliveb!sun!gorodish!guy
From: guy@gorodish.Sun.COM (Guy Harris)
Newsgroups: comp.unix.questions
Subject: Re: Password Choices
Message-ID: <61751@sun.uucp>
Date: 28 Jul 88 00:50:36 GMT
References: <16562@brl-adm.ARPA> <511@ns.UUCP> <1146@ficc.UUCP> <1406@devsys.oakhill.UUCP>
Sender: news@sun.uucp
Lines: 19

> The second story also has to do with security, and I also heard abscribed
> to Kernighan (interesting his name pops up twice in related stories).
> 
> It seems that in the original unix systems one of the programmmers
> left a backdoor in login that allowed him on any user system.  This
> was left in the binary and not the source so that regenerating
> login would cure it, but since most original systems just copied the
> binary, this trap was left in.

In his 1983 Turing award lecture, in the August 1984 CACM, Ken Thomson ascribes
it to himself; the backdoor was actually in the C compiler (preprocessor,
probably) - if it compiled itself, it stuck the backdoor in, and if it compiled
"login", it stuck the other backdoor in.  Thus, even if *did* regenerate
"login", it wouldn't be cured, and even if you *did* have the source, you might
never find it.

He later ascribes the idea to an Air Force critique of an early Multics
implementation; he didn't remember what the document was that contained the
critique, and asked anybody who did know it to let him know.