Path: utzoo!yunexus!geac!syntron!jtsv16!uunet!lll-winken!lll-tis!ames!mailrus!uwmcsd1!nic.MR.NET!umn-cs!hall!blu From: blu@hall.cray.com (Brian Utterback) Newsgroups: comp.unix.questions Subject: Re: Password Choices Message-ID: <8502@hall.cray.com> Date: 11 Aug 88 19:58:27 GMT Article-I.D.: hall.8502 References: <16562@brl-adm.ARPA| <511@ns.UUCP> <1146@ficc.UUCP> <1406@devsys.oakhill.UUCP> <8073@alice.UUCP> Reply-To: blu@hall.UUCP (Brian Utterback) Organization: Cray Research, Inc., Mendota Heights, MN Lines: 38 In article <8073@alice.UUCP| ark@alice.UUCP writes: |In article <1406@devsys.oakhill.UUCP>, steve@oakhill.UUCP writes: |> It seems that in the original unix systems one of the programmmers |> left a backdoor in login that allowed him on any user system. This |> was left in the binary and not the source so that regenerating |> login would cure it, but since most original systems just copied the |> binary, this trap was left in. |> |> I don't believe either of these stories are true. | |This one is, almost. | [ Description Deleted] |Notice the situation after he was done: he had a trap door in login, |yet all the source code everywhere in the system was precisely what |it had been before he started. Moreover, recompiling any part of |the system would leave his trap door intact. | |To convince yourself that this story is not a myth, go through |back issues of Communications of the ACM until you find the |Turing Award lectures by Thompson and Ritchie. I think it was just Thompson. The key word here is almost. In the Turing lecture, this was presented as a scenario, not as a historical reference. It is clear after reading the article that what is done is a little beyond the state of the art in artificial intelligence. But only a little. After the lecture was entitled "Reflections on Trusting Trust" not "How I Broke Login". His point is that theoretically, to trust a program to be trap free, one must have verified it in the source for the program, all the previous source, the source for the compiler and all the previos source for the compiler. -- Brian Utterback |UUCP:{ihnp4!cray,sun!tundra}!hall!blu | "Aunt Pheobe, Cray Research Inc. |ARPA:blu%hall.cray.com@uc.msc.umn.edu | we looked like One Tara Blvd. #301 | | Smurfs!" Nashua NH. 03062 |Tele:(603) 888-3083 |