May 16, 2008

Reflections on Trusting Trust

If you've never read it before, this could potentially make you paranoid about your computer: Reflections on Trusting Trust by Ken Thompson.

For those after the "TL,DR" version, it describes a C compiler, written in C, designed to do two things other than standard compiling:

  1. If it detects that it's compiling the UNIX login command, it inserts a backdoor that gives someone the ability to run as any user on the system.
  2. If it detects that it's compiling itself (with or without the additional code), it instead produces the binary for this "broken" version.
Kinda scary isn't it? Especially considering that when you distribute it with source, you can just pull out the login- and self-manipulating code but still have a system that works. At least until they try another C compiler.