Path: utzoo!utgpu!water!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!mailrus!ames!amdcad!sun!pitstop!sundc!seismo!uunet!super!rminnich
From: rminnich@super.ORG (Ronald G Minnich)
Newsgroups: comp.sys.amiga
Subject: Re: The ultimate fix!!!
Message-ID: <825@super.ORG>
Date: 14 Oct 88 12:19:28 GMT
References: <8810092209.AA09182@cory.Berkeley.EDU> <2791@sugar.uu.net> <9997@cup.portal.com>
Sender: uucp@super.ORG
Reply-To: rminnich@duper.UUCP (Ronald G Minnich)
Organization: Supercomputing Research Center, Lanham, MD
Lines: 22

In article <9997@cup.portal.com> dan-hankins@cup.portal.com writes:
>Source sharing isn't perfect (it is possible to write a virus that will
>infect via a combination of source code and executables), but it's much
>better than sharing executable code.

OK, go read (I sound like a broken record) Thompson's ACM article on such
things. You can build bad things into a compiler and then hide them
easily. It is TRIVIAL.

Somebody got on this discussion with me the other day. Suppose you wanted
to infect everybody. What you might do is take a freely redistributable
program and add enhancements to it, then hand it out in source form. The
program you really want to use would be a really big one, say 40-60k lines
or so, and you want the infection to be 10-20 lines, so that you could
easily hide what you are doing. You would also want the lowest common
denominator bug common to all unix systems, but that is easy.

Now from this description most of you ought to be able to think of such a
program and such a bug, and realize they ALREADY EXIST, and you might even
wonder: Has it already happened? (well, actually it has, once,
unintentionally)

You can't trust programs, only people.

ron