Password Choices

Rick Adams rick at seismo.CSS.GOV
Sat Aug 13 07:15:14 AEST 1988


In article <8502 at hall.cray.com>, blu at hall.cray.com (Brian Utterback) writes:
> The key word here is almost.  In the Turing lecture, this was presented as
> a scenario, not as a historical reference. 

OK. Here is a historical reference that describes it as reality and
not as a scenario.

>From research!dmr Thu Nov  4 02:30:06 1982
Subject: Joy of reproduction
Newsgroups: net.lang.c

Some years ago Ken Thompson broke the C preprocessor in the following
ways:
  1) When compiling login.c, it inserted code that allowed you to
  log in as anyone by supplying either the regular password or a special,
  fixed password.

  2) When compiling cpp.c, it inserted code that performed the special
  test to recognize the appropriate part of login.c and insert the
  password code.  It also inserted code to recognize the appropriate
  part of cpp.c and insert the code described in way 2).

Once the object cpp was installed, its bugs were thus self-reproducing,
while all the source code remained clean-looking.  (Things were even set
up so the funny stuff would not be inserted if cc's -P option was used.)

We actually installed this on one of the other systems at the Labs.
It lasted for several months, until someone copied the cpp binary
from another system.

Notes:
  1)  The idea was not original; we saw it in a report on Multics
  vulnerabilities. I don't know of anyone else who actually went to
  the considerable labor of producing a working example.

  2) I promise that no such thing has ever been included in any distributed
  version of Unix.  However, this took place about the time that NSA
  was first acquiring the system, and there was considerable temptation.

		Dennis Ritchie



More information about the Comp.unix.questions mailing list