Very sweet compiler hack from 1984
  • Very sweet compiler hack from 1984

    Somehow I never heard about this hack before. The author describes a very clever way to hack the binary (executable) compiler in a way that is pretty stealthy.

    Of course, it would fail a checksum or other HMAC, but I would imagine that lots of people would run it without that check. Just look at how many people have been accepting the site certificate from Hotmail that Firefox won't properly authenticate.

    Some excerpts:

    "The actual bug I planted in the compiler would match code in the UNIX "login" command. The replacement code would miscompile the login command so that it would accept either the intended encrypted password or a particular known password. Thus if this code were installed in binary and the binary were used to compile the login command, I could log into that system as any user."

    "First we compile the modified source with the normal C compiler to produce a bugged binary. We install this binary as the official C. We can now remove the bugs from the source of the compiler and the new binary will reinsert the bugs whenever it is compiled. Of course, the login command will remain bugged with no trace in source anywhere."
    "No amount of source-level verification or scrutiny will protect you from using untrusted code. In demonstrating the possibility of this kind of attack, I picked on the C compiler. I could have picked on any program-handling program such as an assembler, a loader, or even hardware microcode. As the level of program gets lower, these bugs will be harder and harder to detect. A well installed microcode bug will be almost impossible to detect."
    "Men entrusted with power, even those aware of its dangers, tend, particularly when pressured, to slight liberty." - , The Church Committee, April 26 (legislative day, April 14), 1976
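The self-reinserting compiler bug from the excerpts, together with the check that catches it (David A. Wheeler's Diverse Double-Compiling, DDC), as an added example in Python that is not part of the original post or of Thompson's paper. The "compilers", "binaries" and source strings are constructed toy objects; nothing is compiled for real.

```python
"""Toy model of the trusting-trust bug and the DDC check that detects it."""
from dataclasses import dataclass

# Constructed stand-ins for the two sources the excerpts talk about.
COMPILER_SRC = "source: the C compiler"
LOGIN_SRC = "source: the UNIX login command"


@dataclass(frozen=True)
class Binary:
    """A compiled artefact: what it was built from plus any planted behaviour."""
    built_from: str
    accepts_master_password: bool = False  # the login backdoor
    reinserts_bugs: bool = False           # the self-propagating compiler bug

    def compile(self, source: str) -> "Binary":
        """Run this binary as a compiler on `source`."""
        if self.built_from != COMPILER_SRC:
            raise ValueError("only a compiler binary can compile")
        if not self.reinserts_bugs:
            return Binary(built_from=source)  # honest translation
        # The bug matches two inputs and miscompiles both, as the excerpt
        # describes, so no trace of it ever appears in any source file.
        if source == LOGIN_SRC:
            return Binary(source, accepts_master_password=True)
        if source == COMPILER_SRC:
            return Binary(source, reinserts_bugs=True)
        return Binary(source)


def diverse_double_compile(suspect: Binary, trusted: Binary, src: str) -> bool:
    """DDC: rebuild the compiler from `src` twice, once seeded by the suspect
    binary and once by an independent trusted compiler, then compare the
    second-stage outputs. Equal outputs mean the suspect binary behaves like a
    clean build of the source; a difference means the binary carries
    behaviour that the source does not."""
    stage2_suspect = suspect.compile(src).compile(src)
    stage2_trusted = trusted.compile(src).compile(src)
    return stage2_suspect == stage2_trusted


if __name__ == "__main__":
    clean = Binary(COMPILER_SRC)
    bugged = Binary(COMPILER_SRC, reinserts_bugs=True)
    # The bug survives a rebuild from clean source and still taints login.
    rebuilt = bugged.compile(COMPILER_SRC)
    print("login backdoored:", rebuilt.compile(LOGIN_SRC).accepts_master_password)
    print("DDC ok (clean):", diverse_double_compile(clean, clean, COMPILER_SRC))
    print("DDC ok (bugged):", diverse_double_compile(bugged, clean, COMPILER_SRC))
```

The point of DDC is that, unlike a checksum, it needs no known-good copy of the suspect binary, only a second compiler the attacker did not also control.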

  • #2
    Re: Very sweet compiler hack from 1984

    This was one of those things that I thought was as well known as, "The Morris Worm."

    Also, consider the sendmail wizard mode bug.

    The compiler trojan was a clever trojan horse brought to you by one of the two people who were core to UNIX being available on different architectures without the need for OS code written in assembly.