Path: utzoo!yunexus!geac!syntron!jtsv16!uunet!lll-winken!lll-tis!ames!mailrus!uwmcsd1!nic.MR.NET!umn-cs!hall!blu
From: blu@hall.cray.com (Brian Utterback)
Newsgroups: comp.unix.questions
Subject: Re: Password Choices
Message-ID: <8502@hall.cray.com>
Date: 11 Aug 88 19:58:27 GMT
Article-I.D.: hall.8502
References: <16562@brl-adm.ARPA| <511@ns.UUCP> <1146@ficc.UUCP> <1406@devsys.oakhill.UUCP> <8073@alice.UUCP>
Reply-To: blu@hall.UUCP (Brian Utterback)
Organization: Cray Research, Inc., Mendota Heights, MN
Lines: 38

In article <8073@alice.UUCP| ark@alice.UUCP writes:
|In article <1406@devsys.oakhill.UUCP>, steve@oakhill.UUCP writes:
|> It seems that in the original unix systems one of the programmmers
|> left a backdoor in login that allowed him on any user system.  This
|> was left in the binary and not the source so that regenerating
|> login would cure it, but since most original systems just copied the
|> binary, this trap was left in.
|> 
|> I don't believe either of these stories are true.
|
|This one is, almost.
|
              [ Description Deleted]

|Notice the situation after he was done:  he had a trap door in login,
|yet all the source code everywhere in the system was precisely what
|it had been before he started.  Moreover, recompiling any part of
|the system would leave his trap door intact.
|
|To convince yourself that this story is not a myth, go through
|back issues of Communications of the ACM until you find the
|Turing Award lectures by Thompson and Ritchie.

I think it was just Thompson.
The key word here is almost.  In the Turing lecture, this was presented as
a scenario, not as a historical reference.  It is clear after reading the
article that what is done is a little beyond the state of the art in 
artificial intelligence.  But only a little.   After the lecture was
entitled "Reflections on Trusting Trust" not "How I Broke Login". 
His point is that theoretically, to trust a program to be trap free, one
must have verified it in the source for the program,  all the previous source,
the source for the compiler and all the previos source for the compiler.


-- 
Brian Utterback     |UUCP:{ihnp4!cray,sun!tundra}!hall!blu |  "Aunt Pheobe, 
Cray Research Inc.  |ARPA:blu%hall.cray.com@uc.msc.umn.edu |  we looked like
One Tara Blvd. #301 |                                      |    Smurfs!"
Nashua NH. 03062    |Tele:(603) 888-3083                   |