by Ken Thompson
, presented as his Turing award
lecture. It describes what is regarded as one of the cool
s of all time:
The Unix V7 login had a backdoor which would allow you to log in as any user by using a particular password. Of course, since V7 was distributed with source, such a blatant backdoor would not go undetected for long. Thus the compiler was hacked so that it would recognise when it was compiling
login, and insert the trojan code. Thus login could be distributed without the trojan appearing in the source.
That's not all, of course. Left at that, someone would no doubt notice the code in the compiler which pulled this trick off. So the compiler was patched to recognise when it was compiling itself, and to insert both the code to patch login, and code to patch the compiler itself. Then the original compiler source (sans trojan) was recompiled, so that no trace of the trojan would be left in the source. Since the compiler has to be compiled by something, and it was the only major C compiler at the time, the trojan would perpetuate itself each time the compiler and login were recompiled.