Rule 10: Trust is a Relative Concept

For the purpose of achieving the strongest possible computer security, "trust no one" is the strongest policy. Any piece of software or hardware could deliver a Trojan Horse or other malicious features. Of course, unless you're able to build your own hardware and code all your software, you're going to have to trust someone. Most computer and software companies are relatively trustworthy, even if they don't operate in full disclosure mode by publishing source code or exhaustive hardware specs. Most open source programs are relatively trustworthy as well. Even published source code, however, cannot provide complete protection from malicious code.

In a famous speech, Ken Thompson, one of the creators of UNIX, told of a frightening pair of bugs he was able to code.[1] He planted a Trojan Horse in the source of a C compiler that would find and miscompile the UNIX login command in such a way that it would accept either the correct password or one known to him. Once installed in binary, this C compiler would create a login command that enabled him to log into the system as any user. That's a security hole! Now, Thompson knew that another programmer looking at the source would likely see this gaping hole. So he created a second Trojan Horse aimed at the C compiler. He compiled the Trojaned source with the regular C compiler to produce a Trojaned binary and made this the official C compiler. Voila, Thompson could then remove the bugs from the source, knowing that the new (Trojaned compiler) binary would reinsert the bugs whenever it was compiled. Thus, the login command was Trojaned with no trace in the source code. Thompson pointed out the clear moral of the story: "You can't trust code that you did not totally create yourself." On the other hand, not many of us are Ken Thompson, with resume items like "Invented UNIX operating system." Perhaps a better moral would be: "Trust no one completely."
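The mechanism in Thompson's story, as an added toy model (not code from the book or from Thompson's talk): sources and binaries are plain strings, and the function names, markers and the existence of an independently bootstrapped trusted compiler are assumptions made for illustration. It shows that recompiling audited, clean source leaves both Trojans in place, while comparing outputs against a build from the trusted compiler exposes them.

```python
# Constructed toy model: "sources" and "binaries" are strings, not real compiler code.
import hashlib

LOGIN_SRC = "login: accept(correct_password)"   # clean, auditable source
CC_SRC = "cc: translate(source)"                # clean, auditable source
MARK_LOGIN = "|accept(second_password)"         # hidden behaviour in the login binary
MARK_CC = "|reinsert_on_compile"                # hidden behaviour in the compiler binary

def honest_compile(src):
    """Output depends only on the source text."""
    return "BIN[" + src + "]"

def trojaned_compile(src):
    """Recognises two specific inputs and alters what it emits for them."""
    out = honest_compile(src)
    if src.startswith("login:"):
        return out + MARK_LOGIN      # first Trojan: targets login
    if src.startswith("cc:"):
        return out + MARK_CC         # second Trojan: survives recompilation
    return out

def load_compiler(binary):
    """'Run' a compiler binary: behaviour comes from the binary, not the source."""
    return trojaned_compile if MARK_CC in binary else honest_compile

def digest(binary):
    return hashlib.sha256(binary.encode()).hexdigest()

def rebuild(compiler_binary, generations=3):
    """Recompile the clean compiler source with each generation's own output."""
    for _ in range(generations):
        compiler_binary = load_compiler(compiler_binary)(CC_SRC)
    return compiler_binary

def audit(official_cc, trusted_cc):
    """Build the same clean sources with both toolchains and compare digests."""
    report = {}
    for name, src in (("cc", CC_SRC), ("login", LOGIN_SRC)):
        a = load_compiler(rebuild(official_cc))(src)
        b = load_compiler(rebuild(trusted_cc))(src)
        report[name] = digest(a) == digest(b)
    return report

OFFICIAL_CC = trojaned_compile(CC_SRC)   # the installed "official" binary
TRUSTED_CC = honest_compile(CC_SRC)      # assumption: an independent clean bootstrap exists

if __name__ == "__main__":
    print(audit(OFFICIAL_CC, TRUSTED_CC))
```

A `False` entry in the report means the official toolchain produced a binary that the clean source does not account for.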

 


[1] Communications of the ACM, Vol. 27, No. 8, August 1984, pp. 761-763. See http://www.acm.org/classics/sep95/


Excerpt from Unix System Security Tools by Seth T. Ross
Copyright © 1999 by The McGraw-Hill Companies. Used with permission.
HTML Copyright © 1999 Albion.com.

 

 


Copyright © 1990-2006 Albion.com and Seth T. Ross