Path: utzoo!utgpu!attcan!uunet!lll-winken!lll-tis!ames!nrl-cmf!cmcl2!rutgers!bellcore!faline!thumper!ulysses!andante!alice!ark From: ark@alice.UUCP Newsgroups: comp.unix.questions Subject: Re: Password Choices Message-ID: <8073@alice.UUCP> Date: 28 Jul 88 15:04:35 GMT References: <16562@brl-adm.ARPA> <511@ns.UUCP> <1146@ficc.UUCP> <1406@devsys.oakhill.UUCP> Organization: AT&T Bell Laboratories, Liberty Corner NJ Lines: 37 In article <1406@devsys.oakhill.UUCP>, steve@oakhill.UUCP writes: > It seems that in the original unix systems one of the programmmers > left a backdoor in login that allowed him on any user system. This > was left in the binary and not the source so that regenerating > login would cure it, but since most original systems just copied the > binary, this trap was left in. > > I don't believe either of these stories are true. This one is, almost. Once upon a time, Ken Thompson changed three things in the system: 1. He inserted a back door in login. 2. He changed the C compiler to detect whether it was compiling login. If so, he made the compiler insert change #1 into the object code. He could now remove change #2 from the source code of login, leaving it impossible to tell by examining the source code that it had been changed. 3. He changed the C compiler to detect whether it was compiling the C compiler. If so, he made the compiler insert changes #2 and #3 (!) into the object code. He could now remove both changes #2 and #3 from the source code of the C compiler, leaving it impossible to tell by examining the source code that it had been changed. Notice the situation after he was done: he had a trap door in login, yet all the source code everywhere in the system was precisely what it had been before he started. Moreover, recompiling any part of the system would leave his trap door intact. To convince yourself that this story is not a myth, go through back issues of Communications of the ACM until you find the Turing Award lectures by Thompson and Ritchie.