Re: Trusting GNAT for security software

Nick Roberts <Nick.Roberts@dial.pipex.com> writes:


        NR> [ Ken Thompson put a self-replicating back door into a version
        NR> of cc and login in Unix ]


        NR> [big snip] [Ken described this in his Turing award lecture. I
        NR> never saw any evidence that it leaked into any distributed
        NR> version of Unix, and even if it did, that was a very old
        NR> PDP-11 C compiler, not one that anyone uses any more. But it
        NR> was a great hack. -John]


AFAIK the C compiler also (primarily) detected when one was
recompiling the login source (login.c), and inserted into _that_ a
backdoor. The backdoor in the C compiler was only intended to protect
the mechanism which mangled login.c, so that it was "impossible" to
get out of this mechanism, unless one used another C compiler, or
so...


But the problem remains, that it is all but impractical to check for
this kind of thing in todays language enivronemnts (not only the
compiler, but the assembler, the librarian, the loader, the OS,
etc. have to be scrutinized, to assure correct operation). And much
more relevantly, one has to check for simple _bugs_. This has only
been done for small environments, which can be proved correct, or
probably for more complex environments by large government agencies.


Regs, Pierre.


--
Pierre Mai <dent@cs.tu-berlin.de> http://home.pages.de/~trillian/
--

Return to the comp.compilers page.
Search the comp.compilers archives again.