Hacking

1780 readers

2 users here now

This is the community for all things hacking and cybersecurity, try keeping it legal. That said I don't take any responsibility for anything that happens/comes from this group but I will try being the best mod that I can to prevent anything from happening.

founded 4 years ago

MODERATORS

[email protected]

Reflections on Trusting Trust (dl.acm.org)

submitted 1 year ago* (last edited 1 year ago) by [email protected] to c/[email protected]

1 comments fedilink hide all child comments

The linked paper was pointed out to me during a discussion about trusting executables built from source. Perhaps this paper is a well-known document in the hacking community, but I thought it was quite interesting and thought I'd share it.

The document describes how the author created a bugged C compiler that would compile UNIX code in which the "login" command would insert a backdoor.

The actual bug I planted in the compiler would match code in the UNIX "login" command. The re- placement code would miscompile the login command so that it would accept either the intended encrypted password or a particular known password. Thus if this code were installed in binary and the binary were used to compile the login command, I could log into that system as any user.

The author also describes strategies to build such bugged compiler in a way that would be very difficult to detect.

The document ends with a moral statement about hacking with a perspective from 1984 which is also an interesting read.

top 1 comments

sorted by: hot top controversial new old

[–] [email protected] 2 points 1 year ago

This paper is a true classic.