[Linux-aus] Unix world reminded of creator Thompson's stunt

Ian Wienand ianw at gelato.unsw.edu.au
Wed Apr 14 14:31:01 UTC 2004


On Wed, Apr 14, 2004 at 08:29:15AM +0300, linux-aus at amos.mailshell.com wrote:
> I think the main fault in the logic of the speaker is that he assumes
> that UNIX' source code exposure is similar to that of Linux.

That seems like the least of the flaws in the argument.  I assume they
are talking about "Reflections on Trusting Trust" [1], which has
nothing to do with "Many Eyes" (and was never distributed, according
to Thompson).  [2] gives you the gist.

In essence, if you have a trojaned compiler binary, this infected
compiler can realise it's building *another* compiler and re-insert
its trojan code.  You never realise you have the trojan because there
is no source for many eyes to look at, just a badly behaving binary.

The problem comes down to trusting anything you didn't build yourself.
Many eyes can verify the *source* of gcc, and do.  But do you trust
the gcc distributed by your vendor (or more probably, the security of
the mirror you downloaded from)?  This is a serious issue, but not
related to how open code is. 

In fact, the only way this would be detected is with open source.
Even though this is a complex recursive trojan, the code has to be
inserted at some point.  Luckily, thanks to open source, "Many eyes"
can verify the source code of the gcc that built *my* gcc.  And then
the "Many eyes" can verify the source of the gcc that built that gcc.
And so on, and so on.  Once I'm happy with that, I can verify the
source of whatever application I'm building and be quite happy that
I've got exactly what I asked for.

But if this trojan is in icc then how the hell am I ever going to know
it's there?  Worse still, how do I know what has been slipped into a
closed source binary from any vendor?

From the page :

  "Before most Linux developers were born, Ken Thompson had already
  proven that 'many eyes' looking at the source code can't prevent
  subversion," said O'Dowd.

No, he proved the "many closed eyes" theory : many people using
untrusted binaries can see nothing.

Talk about getting the wrong end of the stick ...

[1] http://www.acm.org/classics/sep95/
[2] http://www.jargon.net/jargonfile/b/backdoor.html

-i
ianw at gelato.unsw.edu.au
http://www.gelato.unsw.edu.au
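
The bootstrapping argument in the message above, as an added toy model that is not part of the original post: compiler "binaries" are strings, the trojan is a constructed marker, and builds are assumed deterministic so two compiler binaries can be compared by digest. All names here are hypothetical.

```python
import hashlib

# Constructed toy sources; both are "audited" and contain nothing hidden.
COMPILER_SRC = "compiler: translate source faithfully"
LOGIN_SRC = "login: check password"
TROJAN = "|hidden-behaviour"   # marker for behaviour present only in binaries

def honest_cc(source):
    """Faithful compiler: the binary does exactly what the source says."""
    return source

def trojaned_cc(source):
    """Infected compiler binary: taints login, and re-inserts itself
    whenever it recognises that it is building another compiler."""
    binary = honest_cc(source)
    if source.startswith(("compiler:", "login:")):
        binary += TROJAN
    return binary

def run(cc_binary):
    """Executing a compiler binary: behaviour follows the binary, not its source."""
    return trojaned_cc if cc_binary.endswith(TROJAN) else honest_cc

def bootstrap(seed_binary, generations):
    """Rebuild the compiler from clean source N times, starting from seed_binary."""
    cc = seed_binary
    for _ in range(generations):
        cc = run(cc)(COMPILER_SRC)
    return cc

def digest(binary):
    return hashlib.sha256(binary.encode()).hexdigest()

def source_audit_passes():
    """What "many eyes" can inspect: the sources only."""
    return TROJAN not in COMPILER_SRC and TROJAN not in LOGIN_SRC

def compare_chains(generations=5):
    vendor_seed = COMPILER_SRC + TROJAN      # untrusted binary from a mirror
    trusted_seed = honest_cc(COMPILER_SRC)   # assumed: lineage verified from source
    vendor_cc = bootstrap(vendor_seed, generations)
    trusted_cc = bootstrap(trusted_seed, generations)
    return {
        "vendor_login_tainted": run(vendor_cc)(LOGIN_SRC).endswith(TROJAN),
        "trusted_login_tainted": run(trusted_cc)(LOGIN_SRC).endswith(TROJAN),
        "compiler_digests_match": digest(vendor_cc) == digest(trusted_cc),
    }

if __name__ == "__main__":
    print("source audit passes:", source_audit_passes())
    print(compare_chains())
```

The source audit passes in both cases; only the lineage of the seed binary separates the two chains, and rebuilding from clean source never removes the trojan from the untrusted one.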