?? acm classic reflections on trusting trust.mht
字號(hào):
From: <由 Microsoft Internet Explorer 5 保存>
Subject: ACM Classic: Reflections on Trusting Trust
Date: Thu, 12 Mar 2009 14:14:09 +0800
MIME-Version: 1.0
Content-Type: multipart/related;
type="text/html";
boundary="----=_NextPart_000_004A_01C9A31C.CF6FEB40"
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3350
This is a multi-part message in MIME format.
------=_NextPart_000_004A_01C9A31C.CF6FEB40
Content-Type: text/html;
charset="gb2312"
Content-Transfer-Encoding: quoted-printable
Content-Location: http://cm.bell-labs.com/who/ken/trust.html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD><TITLE>ACM Classic: Reflections on Trusting Trust</TITLE>
<META http-equiv=3DContent-Type content=3D"text/html; charset=3Dgb2312">
<META content=3D"MSHTML 6.00.2900.3492" name=3DGENERATOR></HEAD>
<BODY>
<H2>Reflections on Trusting Trust<BR><EM>Ken Thompson</EM></H2>
<HR>
Reprinted from <CITE>Communication of the ACM</CITE>, Vol. 27, No. 8, =
August=20
1984, pp. 761-763. Copyright © 1984, Association for Computing =
Machinery, Inc.=20
Also appears in <CITE>ACM Turing Award Lectures: The First Twenty Years=20
1965-1985</CITE> Copyright © 1987 by the ACM press and =
<CITE>Computers Under=20
Attack: Intruders, Worms, and Viruses</CITE> Copyright © 1990 by =
the ACM press.=20
<P>I copied this page from the <A=20
href=3D"http://www.acm.org/classics/sep95/">ACM,</A> in fear that it =
would someday=20
turn stale.=20
<HR>
<H3>Introduction</H3>
<P>I thank the ACM for this award. I can't help but feel that I am =
receiving=20
this honor for timing and serendipity as much as technical merit. UNIX =
swept=20
into popularity with an industry-wide change from central main frames to =
autonomous minis. I suspect that Daniel Bobrow (1) would be here instead =
of me=20
if he could not afford a PDP-10 and and had to "settle" for a PDP-11. =
Moreover,=20
the current state of UNIX is the result of the labors of a large number =
of=20
people.=20
<P>There is an old adage, "Dance with the one that brought you," which =
means=20
that I should talk about UNIX. I have not worked on mainstream UNIX in =
many=20
years, yet I continue to get undeserved credit for the work of others.=20
Therefore, I am not going to talk about UNIX, but I want to thank =
everyone who=20
has contributed.=20
<P>That brings me to Dennis Ritchie. Our collaboration has been a thing =
of=20
beauty. In the ten years that we have worked together, I can recall only =
one=20
case of miscoordination of work. On that occasion, I discovered that we =
both had=20
written the same 20-line assembly language program. I compared the =
sources and=20
was astounded to find that they matched character-for-character. The =
result of=20
our work together has been far greater than the work that we each =
contributed.=20
<P>I am a programmer. On my 1040 form, that is what I put down as my =
occupation.=20
As a programmer, I write programs. I would like to present to you the =
cutest=20
program I ever wrote. I will do this in three stages and try to bring it =
together at the end.=20
<H3>Stage I</H3>
<P>In college, before video games, we would amuse ourselves by posing=20
programming exercises. One of the favorites was to write the shortest=20
self-reproducing program. Since this is an exercise divorced from =
reality, the=20
usual vehicle was FORTRAN. Actually, FORTRAN was the language of choice =
for the=20
same reason that three-legged races are popular.=20
<P>More precisely stated, the problem is to write a source program that, =
when=20
compiled and executed, will produce as output an exact copy of its =
source. If=20
you have never done this, I urge you to try it on your own. The =
discovery of how=20
to do it is a revelation that far surpasses any benefit obtained by =
being told=20
how to do it. The part about "shortest" was just an incentive to =
demonstrate=20
skill and determine a winner.=20
<P><A name=3Dfig1><IMG alt=3D"[figure 1]"=20
src=3D"http://cm.bell-labs.com/who/ken/fig1.gif"></A><BR><STRONG>FIGURE =
1</STRONG>=20
<P><A =
href=3D"http://cm.bell-labs.com/who/ken/trust.html#fig1.gif">Figure =
I</A>=20
shows a self-reproducing program in the C programming language. (The =
purist will=20
note that the program is not precisely a self-reproducing program, but =
will=20
produce a self-reproducing program.) This entry is much too large to win =
a=20
prize, but it demonstrates the technique and has two important =
properties that I=20
need to complete my story: (1) This program can be easily written by =
another=20
program. (2) This program can contain an arbitrary amount of excess =
baggage that=20
will be reproduced along with the main algorithm. In the example, even =
the=20
comment is reproduced.=20
<H3>Stage II</H3>
<P>The C compiler is written in C. What I am about to describe is one of =
many=20
"chicken and egg" problems that arise when compilers are written in =
their own=20
language. In this ease, I will use a specific example from the C =
compiler.=20
<P>C allows a string construct to specify an initialized character =
array. The=20
individual characters in the string can be escaped to represent =
unprintable=20
characters. For example,=20
<BLOCKQUOTE>"Hello world\n" </BLOCKQUOTE>
<P>represents a string with the character "\n," representing the new =
line=20
character.=20
<P><A name=3Dfig2><IMG alt=3D"[figure 2]"=20
src=3D"http://cm.bell-labs.com/who/ken/fig2.gif"></A><BR><STRONG>FIGURE =
2</STRONG>=20
<P><A href=3D"http://cm.bell-labs.com/who/ken/trust.html#fig2">Figure =
2</A> is an=20
idealization of the code in the C compiler that interprets the character =
escape=20
sequence. This is an amazing piece of code. It "knows" in a completely =
portable=20
way what character code is compiled for a new line in any character set. =
The act=20
of knowing then allows it to recompile itself, thus perpetuating the =
knowledge.=20
<P><A name=3Dfig3><IMG alt=3D"[figure 3]"=20
src=3D"http://cm.bell-labs.com/who/ken/fig3.gif"></A><BR><STRONG>FIGURE =
3</STRONG>=20
<P>Suppose we wish to alter the C compiler to include the sequence "\v" =
to=20
represent the vertical tab character. The extension to <A=20
href=3D"http://cm.bell-labs.com/who/ken/trust.html#fig2">Figure 2</A> is =
obvious=20
and is presented in <A=20
href=3D"http://cm.bell-labs.com/who/ken/trust.html#fig3">Figure 3</A>. =
We then=20
recompile the C compiler, but we get a diagnostic. Obviously, since the =
binary=20
version of the compiler does not know about "\v," the source is not =
legal C. We=20
must "train" the compiler. After it "knows" what "\v" means, then our =
new change=20
will become legal C. We look up on an ASCII chart that a vertical tab is =
decimal=20
11. We alter our source to look like <A=20
href=3D"http://cm.bell-labs.com/who/ken/trust.html#fig4">Figure 4</A>. =
Now the old=20
compiler accepts the new source. We install the resulting binary as the =
new=20
official C compiler and now we can write the portable version the way we =
had it=20
in <A href=3D"http://cm.bell-labs.com/who/ken/trust.html#fig3">Figure =
3</A>.=20
<P><A name=3Dfig4><IMG alt=3D"[figure 4]"=20
src=3D"http://cm.bell-labs.com/who/ken/fig4.gif"></A><BR><STRONG>FIGURE =
4</STRONG>=20
<P>This is a deep concept. It is as close to a "learning" program as I =
have=20
seen. You simply tell it once, then you can use this self-referencing=20
definition.=20
<H3>Stage III</H3><A name=3Dfig5><IMG alt=3D"[figure 5]"=20
src=3D"http://cm.bell-labs.com/who/ken/fig5.gif"></A><BR><STRONG>FIGURE =
5</STRONG>=20
<P>Again, in the C compiler, <A=20
href=3D"http://cm.bell-labs.com/who/ken/trust.html#fig5">Figure 5</A> =
represents=20
the high-level control of the C compiler where the routine "compile" is =
called=20
to compile the next line of source. <A=20
href=3D"http://cm.bell-labs.com/who/ken/trust.html#fig6">Figure 6</A> =
shows a=20
simple modification to the compiler that will deliberately miscompile =
source=20
whenever a particular pattern is matched. If this were not deliberate, =
it would=20
be called a compiler "bug." Since it is deliberate, it should be called =
a=20
"Trojan horse."=20
<P><A name=3Dfig6><IMG alt=3D"[figure 6]"=20
src=3D"http://cm.bell-labs.com/who/ken/fig6.gif"></A><BR><STRONG>FIGURE =
6</STRONG>=20
<P>The actual bug I planted in the compiler would match code in the UNIX =
"login"=20
command. The replacement code would miscompile the login command so that =
it=20
would accept either the intended encrypted password or a particular =
known=20
password. Thus if this code were installed in binary and the binary were =
used to=20
compile the login command, I could log into that system as any user.=20
<P>Such blatant code would not go undetected for long. Even the most =
casual=20
perusal of the source of the C compiler would raise suspicions.=20
<P><A name=3Dfig7><IMG alt=3D"[figure 7]"=20
src=3D"http://cm.bell-labs.com/who/ken/fig7.gif"></A><BR><STRONG>FIGURE =
7</STRONG>=20
<P>The final step is represented in <A=20
href=3D"http://cm.bell-labs.com/who/ken/trust.html#fig7">Figure 7</A>. =
This simply=20
?? 快捷鍵說明
復(fù)制代碼
Ctrl + C
搜索代碼
Ctrl + F
全屏模式
F11
切換主題
Ctrl + Shift + D
顯示快捷鍵
?
增大字號(hào)
Ctrl + =
減小字號(hào)
Ctrl + -