this post was submitted on 14 Aug 2023
11 points (100.0% liked)

Hacking

1615 readers
2 users here now

This is the community for all things hacking and cybersecurity, try keeping it legal. That said I don't take any responsibility for anything that happens/comes from this group but I will try being the best mod that I can to prevent anything from happening.

founded 4 years ago
MODERATORS
 

The linked paper was pointed out to me during a discussion about trusting executables built from source. Perhaps this paper is a well-known document in the hacking community, but I thought it was quite interesting and thought I'd share it.

The document describes how the author created a bugged C compiler that would compile UNIX code in which the "login" command would insert a backdoor.

The actual bug I planted in the compiler would match code in the UNIX "login" command. The re- placement code would miscompile the login command so that it would accept either the intended encrypted password or a particular known password. Thus if this code were installed in binary and the binary were used to compile the login command, I could log into that system as any user.

The author also describes strategies to build such bugged compiler in a way that would be very difficult to detect.

The document ends with a moral statement about hacking with a perspective from 1984 which is also an interesting read.

top 1 comments
sorted by: hot top controversial new old
[–] mkwt 2 points 1 year ago

This paper is a true classic.