Ken Thompson's Sneaky C Compiler Backdoor: A Reflection on Trust

2025-02-16

In his paper "Reflections on Trusting Trust," Ken Thompson, co-creator of UNIX, recounts a chilling tale of a self-replicating backdoor he inserted into the C compiler. This backdoor would automatically inject itself into the login program during compilation, granting him unauthorized access. The insidious part? Even removing the backdoor from the compiler's source code wouldn't help: the already-compromised compiler binary would re-insert it whenever the compiler itself was recompiled. This story serves as a stark reminder of the limitations of trusting software and the inherent difficulty in ensuring complete security, even with source code review.
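A toy model of the behaviour described above, added here as an illustration and not taken from Thompson's paper: binaries are modelled as sets of constructed behaviour names, so a clean source review and a still-infected rebuild can be seen side by side. The final check, rebuilding the compiler with an unrelated compiler and comparing results, goes beyond what the page covers and assumes deterministic builds.

```python
# Toy model, constructed for illustration: a "binary" is the set of behaviours
# it contains, and an honest compiler emits exactly what the source names.
TROJAN = "reinsert-self-when-compiling-compiler"   # hypothetical behaviour name
BACKDOOR = "accept-hidden-password"                # hypothetical behaviour name

COMPILER_SRC = "parse translate emit"              # audited, clean source
LOGIN_SRC = "prompt check-password start-session"  # audited, clean source


def run_compiler(compiler_bin, source):
    """Run a compiler binary on source text; return the binary it produces."""
    out = set(source.split())
    if TROJAN in compiler_bin:          # logic lives in the binary, not the source
        if "check-password" in out:     # input recognised as the login program
            out.add(BACKDOOR)
        if "translate" in out:          # input recognised as the compiler itself
            out.add(TROJAN)
    return frozenset(out)


def source_is_clean(source):
    """What a source-code review can see: only the text handed to it."""
    return not {TROJAN, BACKDOOR} & set(source.split())


def rebuild(compiler_bin, generations):
    """Recompile the compiler from clean source, each time with the last build."""
    for _ in range(generations):
        compiler_bin = run_compiler(compiler_bin, COMPILER_SRC)
    return compiler_bin


def matches_independent_build(suspect_bin, independent_bin):
    """Build the compiler with an unrelated compiler, then with that result,
    and compare against the suspect binary. Assumes deterministic builds."""
    stage1 = run_compiler(independent_bin, COMPILER_SRC)
    stage2 = run_compiler(stage1, COMPILER_SRC)
    return stage2 == suspect_bin


if __name__ == "__main__":
    infected = rebuild(frozenset(COMPILER_SRC.split()) | {TROJAN}, 3)
    other = frozenset({"lex", "translate", "write"})  # unrelated compiler binary
    print("source review passes:", source_is_clean(COMPILER_SRC + " " + LOGIN_SRC))
    print("trojan survives rebuilds:", TROJAN in infected)
    print("login backdoored:", BACKDOOR in run_compiler(infected, LOGIN_SRC))
    print("matches independent build:", matches_independent_build(infected, other))
```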
