Lunduke
News • Science & Tech
The creator of UNIX built a Trojan Horse which let him log in to any UNIX machine.
And nobody knew about it for years.
May 05, 2024
post photo preview

Back in 1984, the Association for Computing Machinery presented Ken Thompson with a “Turing Award” for his many contributions to the world of computing.

And for good reason.

Ken worked on Multics, co-created UNIX, created multiple programming languages (Bon and B — which directly led to C), co-created the Plan 9 operating system, UTF-8, and on and on.  If anyone deserves an award for advancing computing... it's Ken Thompson.

But we’re not here today to talk about those extraordinary contributions to computing.

No, sir.

We’re here to talk… about his acceptance speech.

Because that speech revealed a truly fascinatin computer virus that Thompson had created years earlier… for the C compiler.  One which gave him a backdoor into UNIX itself.

The Speech

He titled his speech “Reflections on Trusting Trust”, and the basic premise is this:

“To what extent should one trust a statement that a program is free of Trojan horses? Perhaps it is more important to trust the people who wrote the software.”

To prove his point, Ken told the tale of how he had — years earlier — created what was, essentially, a computer virus that infected the C compiler (cc) and the UNIX login program.

Seriously.

This is real.

Ken could gain control of most UNIX systems

It worked, essentially, like this:

Ken modified cc (the C compiler on UNIX systems) so that — only when it was compiling UNIX’s “login” program — it would inject a small “backdoor” (into “login”) that would allow him to log in as any user on the system if he used a predefined “password”.

Which is, obviously, a pretty big security hole.

However…

That sort of "universall password" code would be likely to be found during even a rudimentary code review of the C compiler. Or, heck, even by any casual programmer who happened upon that section of the code.

What Ken did next was… devious.

Hiding his UNIX backdoor

He needed to make sure that, should anyone find his nefarious code in “cc”… that his backdoor would live on.

So he then added functionality to “cc” so that it would detect if it was compiling itself (because the C compiler was compiled… in the C compiler)… and insert code into the compiler that would add… itself.

Which means…

Even if the source code is removed from “cc” project… the code (for adding both the login backdoor and the “keep adding this to the C compiler” bits) would get “invisibly” injected into “cc” every time it got compiled by an already infected build of the compiler.

So… as long as there was an unbroken chain of using the C compiler from that point onward, the UNIX login backdoor was unlikely to be effectively removed.

Brutal.

According to Thompson:

“The actual bug I planted in the compiler would match code in the UNIX "login" command. The replacement code would miscompile the login command so that it would accept either the intended encrypted password or a particular known password. Thus if this code were installed in binary and the binary were used to compile the login command, I could log into that system as any user.”

The Moral of the story

As Ken Thompson put it…

“The moral is obvious. You can't trust code that you did not totally create yourself. (Especially code from companies that employ people like me.) No amount of source-level verification or scrutiny will protect you from using untrusted code. In demonstrating the possibility of this kind of attack, I picked on the C compiler. I could have picked on any program-handling program such as an assembler, a loader, or even hardware microcode. As the level of program gets lower, these bugs will be harder and harder to detect. A well installed microcode bug will be almost impossible to detect.”

Did this make it out into the wild?

I know what you're thinking.  "Is this code still out there?  How many systems were impacted by this?"

What we know: This bit of naughty code was released to at least one machine (used by a UNIX support group). This has been confirmed by Ken, himself.

However, it is believed that the code went no further than that machine.

But... do we know for sure?

Do we actually have a high level of confidence that the modified “cc” and “login” went no further than that support group UNIX box?

No. No, we do not.

In fact, according to Eric S. Raymond

“[I have] heard two separate reports that suggest that the crocked login did make it out of Bell Labs, notably to BBN, and that it enabled at least one late-night login across the network by someone using the login name “kt”.”

BBN.  That's Raytheon.  A critical DARPA researcher -- one which was instrumental in the early days of ARPANET.  A huge amount of software came out of BBN.  Heck, even the first Text Adventure game came from there.

If UNIX machines at Raytheon BBN were infected... the possibility of infected versions of those files making it to other sites is incredibly high.

Truly wild

Which leads to a (rather amusing, and mildly terrifying) bit of historical trivia:

Ken Thompson — one of the co-creators of UNIX — intentionally created a trojan horse that infected both the C compiler and the “login” program of UNIX systems.

What’s more… it went undetected for years.  We wouldn't even have known about it, if he hadn't told us he created it.

And we truly have no clue how widespread that trojan became.

community logo
Join the Lunduke Community
To read more articles like this, sign up and join my community today
22
What else you may like…
Videos
Podcasts
Posts
Articles
"Lunduke is Fash!"

"This Lunduke guy is really stupid. I want to launch him off a cliff."

More from The Lunduke Journal:
https://lunduke.com/

00:10:13
October 07, 2025
Linus Says Rust Formatting is "Bass-Ackwards Garbage"

"[Rustfmtcheck] is just ANNOYING. It's automated tooling that is literally making bad decisions for the maintainability," says Linux creator, Linus Torvalds.

More from The Lunduke Journal:
https://lunduke.com/

00:08:17
October 06, 2025
Get a Subscription, Give a Subscription

The "Buy One, Give One" Lunduke Journal offer is good through Friday, October 10th.

The Details:
https://lunduke.substack.com/p/get-a-subscription-give-a-subscription

More from The Lunduke Journal:
https://lunduke.com/

00:04:30
November 22, 2023
The futility of Ad-Blockers

Ads are filling the entirety of the Web -- websites, podcasts, YouTube videos, etc. -- at an increasing rate. Prices for those ad placements are plummeting. Consumers are desperate to use ad-blockers to make the web palatable. Google (and others) are desperate to break and block ad-blockers. All of which results in... more ads and lower pay for creators.

It's a fascinatingly annoying cycle. And there's only one viable way out of it.

Looking for the Podcast RSS feed or other links? Check here:
https://lunduke.locals.com/post/4619051/lunduke-journal-link-central-tm

Give the gift of The Lunduke Journal:
https://lunduke.locals.com/post/4898317/give-the-gift-of-the-lunduke-journal

The futility of Ad-Blockers
November 21, 2023
openSUSE says "No Lunduke allowed!"

Those in power with openSUSE make it clear they will not allow me anywhere near anything related to the openSUSE project. Ever. For any reason.

Well, that settles that, then! Guess I won't be contributing to openSUSE! 🤣

Looking for the Podcast RSS feed or other links?
https://lunduke.locals.com/post/4619051/lunduke-journal-link-central-tm

Give the gift of The Lunduke Journal:
https://lunduke.locals.com/post/4898317/give-the-gift-of-the-lunduke-journal

openSUSE says "No Lunduke allowed!"
September 13, 2023
"Andreas Kling creator of Serenity OS & Ladybird Web Browser" - Lunduke’s Big Tech Show - September 13th, 2023 - Ep 044

This episode is free for all to enjoy and share.

Be sure to subscribe here at Lunduke.Locals.com to get all shows & articles (including interviews with other amazing nerds).

"Andreas Kling creator of Serenity OS & Ladybird Web Browser" - Lunduke’s Big Tech Show - September 13th, 2023 - Ep 044
6 hours ago

Mansfield, Georgia. They come claiming to "help" bring funds to poor areas...

'I can't drink the water' - life next to a US data centre
https://www.bbc.com/news/articles/cy8gy7lv448o

3 hours ago

Consider this...
Lunduke has had his BBS running for years on a DOS based system. He has not been hacked...
Linux has been running for years...it has more holes than swiss cheese...
Why is it then that everyone proclaims this is the "Year of the Linux Desktop?"
Should we not then be proclaiming that "This is the Year of the Dos Desktop?"
We know that DOS is not hackable...why not use that??

16 hours ago

Are you old school???

New: MP4 Downloads for all Lunduke Journal Subscribers

All Lunduke Journal subscribers now have full access to DRM-Free, MP4 versions of every single video released during 2024 and 2025.

No matter where you subscribe to The Lunduke Journal (Substack, Locals, YouTube, X, or Patreon), and no matter what kind of subscription you have (Monthly, Yearly, or Lifetime), you can go to the Subscriber Perks page to get access to some pretty rad goodies:

  • DRM-Free, MP4 versions of all shows

  • A dozen PDF eBooks (plus some goofy games)

  • Full access to the exclusive Lunduke Journal forum

All my way of saying “Thank You” for supporting the important work of The Lunduke Journal. Couldn’t do it without you.

Also worth noting:

Any Lifetime Subscription (or Yearly Subscription picked up through Substack) is “Buy One, Give One” through Friday. Meaning you get a subscription for yourself… and can give a free subscription to whoever you like!

Which. You know. Is pretty awesome.

-Lunduke

Read full Article
September 18, 2025
Final Reminder: Lifetime Price Increase in 24 hours

This is just a super quick reminder (so no body misses out):

This Friday (September 19th), the price of a new Lifetime Subscription to The Lunduke Journal will be increasing from $200 to $300.

Which means: If you want to pick up a new Lifetime Subscription for the lower price, simply grab one (via Locals, Substack, or Bitcoin) by Thursday night (Sep 18th). That’s roughly 24 hours from the moment I am writing these words.

Obviously, once you have a Lifetime Subscription you’re set. You know. For life.

I wanted to give all of you some notice so you could grab one at the lower rate.

Also worth noting: The Lunduke Journal has phased out sales and discount promotions. The current price of a subscription is the best price.

This will be the final reminder before the change goes into effect.

-Lunduke

Read full Article
September 15, 2025
post photo preview
Lunduke Livestream: Tue, Sep 16 at 1pm Eastern

The Lunduke Journal regular live-streaming is back! The next show is Tuesday, September 16th (tomorrow) at 1pm Eastern (10am Pacific, 5pm UTC).

You can catch the live video, for free, on X, Rumble, YouTube, & Locals.

We’ve got a lot of Tech News to cover — and who knows what stories will pop up between now and then!

Time permitting, we’ll also be doing a little Nerdy Q & A. So, if you’ve got something you’d like to ask, join us in one of the chat rooms!

Also, quick reminder that the price of new Lifetime Subscription is going up this Friday. If you want one at the lower price, now’s your moment. We’ve also added some new perks for subscribers worth checking out.

See you nerd tomorrow!

-Lunduke

Read full Article
See More
Available on mobile and TV devices
google store google store app store app store
google store google store app tv store app tv store amazon store amazon store roku store roku store
Powered by Locals