Re^3: Muse on Digital Signatures in Perl Modules

Perl may not be "evil", but there have been circumstances in the past where something quite along these lines had occured, but with the C compiler (!) instead:

1984 Ken Thompson's CC Hack¹

Ken Thompson described this virus² as "the cutest program I ever wrote", and since his account of it appeared in 1984, it has become folk law of the information age. Ken modified the source of the C compiler (CC) such that the compiler would detect when it was compiling the UNIX "login" command and hence produce a compromised version of the login command which would accept either a valid password from the system password file, or a particular known password. Effectively giving him a back door to any system whose "login" binary was compiled with his compromised C compiler. This in itself results in a curious situation, despite all attempts to verify the source of the "login" command, it is impossible, once the C compiler has been compromised to build a secure "login" binary.

Not content with this level of subversion, Ken introduced a second modification to the compiler source such that it would detect when it was compiling a new version of itself. It would then incorporate both modifications into the new compiler binary.

This event came as quite a shock to the UNIX community. They were taken completely by surprise.

In all honesty, though, even if you read through every single line of Perl's interpreter code, do you think you could find malicious code even if it were in there? Not likely. It's not like it will have a giant comment beside it that would make it stand out:

/* Here is the EVIL VIRUS CODE that is implanted in every Perl
   Absolutely no peeking. This is not here. */
if (moon == color_blue && day_of_week == 5 && day == 13)
    delete_hard_drive(completely);
[download]

In fact, that hypothetical code would look just like any of the thousands of other lines of code. You would never know.

1. Excerpt taken from Linux and the Virus Threat by Shaun Cloherty (Feb 4, 2001)
2. K. Thompson, "Reflections on trusting trust", Communication of the ACM, Vol. 27, No. 8, August 1984, pp. 761-763.

Comment on Re^3: Muse on Digital Signatures in Perl Modules Download Code

Replies are listed 'Best First'.
Re^4: Muse on Digital Signatures in Perl Modules by grinder (Bishop) on Jul 09, 2001 at 15:33 UTC
This was covered in Ken Thompson's talk Reflections on Trusting Trust. This first appeared in an issue of CACM. Here's an online copy. It's a fascinating read, a classic that all programmers should know. -- `g r i n d e r`	[reply]
Re: Re^3: Muse on Digital Signatures in Perl Modules by Anonymous Monk on Jul 09, 2001 at 10:52 UTC
To the best of my knowledge, much of this is an urban legend. Ken mentioned that he had thought of the idea but never actually implemented any of it. It would make very interesting code to read. How does a C compiler reliably reconize that it is compiling a "login" program and then determine where to insert the alternate password code? The second hack seems even more daunting of a challenge.	[reply]
Re: Re^3: Muse on Digital Signatures in Perl Modules by zakzebrowski (Curate) on Jul 09, 2001 at 17:48 UTC
Right... not only do you need authentication of the author, but you also need 'correctness' - a warm fuzzy that other users have approved of the code, that it has no bugs / viruses attached. (If it was to be implemented, it could be a warm fuzzy factor sort of like xp here on pm for the correctness of the code...) ---- Zak	[reply]
Re: Re: Re^3: Muse on Digital Signatures in Perl Modules by John M. Dlugosz (Monsignor) on Jul 10, 2001 at 01:48 UTC
Perhaps CPAN-6 will include a discussion forum for each module, too.	[reply]