Lunduke
News • Science & Tech
The creator of UNIX built a Trojan Horse which let him log in to any UNIX machine.
And nobody knew about it for years.
Bryan Lunduke
May 05, 2024
post photo preview

Back in 1984, the Association for Computing Machinery presented Ken Thompson with a “Turing Award” for his many contributions to the world of computing.

And for good reason.

Ken worked on Multics, co-created UNIX, created multiple programming languages (Bon and B — which directly led to C), co-created the Plan 9 operating system, UTF-8, and on and on.  If anyone deserves an award for advancing computing... it's Ken Thompson.

But we’re not here today to talk about those extraordinary contributions to computing.

No, sir.

We’re here to talk… about his acceptance speech.

Because that speech revealed a truly fascinatin computer virus that Thompson had created years earlier… for the C compiler.  One which gave him a backdoor into UNIX itself.

The Speech

He titled his speech “Reflections on Trusting Trust”, and the basic premise is this:

“To what extent should one trust a statement that a program is free of Trojan horses? Perhaps it is more important to trust the people who wrote the software.”

To prove his point, Ken told the tale of how he had — years earlier — created what was, essentially, a computer virus that infected the C compiler (cc) and the UNIX login program.

Seriously.

This is real.

Ken could gain control of most UNIX systems

It worked, essentially, like this:

Ken modified cc (the C compiler on UNIX systems) so that — only when it was compiling UNIX’s “login” program — it would inject a small “backdoor” (into “login”) that would allow him to log in as any user on the system if he used a predefined “password”.

Which is, obviously, a pretty big security hole.

However…

That sort of "universall password" code would be likely to be found during even a rudimentary code review of the C compiler. Or, heck, even by any casual programmer who happened upon that section of the code.

What Ken did next was… devious.

Hiding his UNIX backdoor

He needed to make sure that, should anyone find his nefarious code in “cc”… that his backdoor would live on.

So he then added functionality to “cc” so that it would detect if it was compiling itself (because the C compiler was compiled… in the C compiler)… and insert code into the compiler that would add… itself.

Which means…

Even if the source code is removed from “cc” project… the code (for adding both the login backdoor and the “keep adding this to the C compiler” bits) would get “invisibly” injected into “cc” every time it got compiled by an already infected build of the compiler.

So… as long as there was an unbroken chain of using the C compiler from that point onward, the UNIX login backdoor was unlikely to be effectively removed.

Brutal.

According to Thompson:

“The actual bug I planted in the compiler would match code in the UNIX "login" command. The replacement code would miscompile the login command so that it would accept either the intended encrypted password or a particular known password. Thus if this code were installed in binary and the binary were used to compile the login command, I could log into that system as any user.”

The Moral of the story

As Ken Thompson put it…

“The moral is obvious. You can't trust code that you did not totally create yourself. (Especially code from companies that employ people like me.) No amount of source-level verification or scrutiny will protect you from using untrusted code. In demonstrating the possibility of this kind of attack, I picked on the C compiler. I could have picked on any program-handling program such as an assembler, a loader, or even hardware microcode. As the level of program gets lower, these bugs will be harder and harder to detect. A well installed microcode bug will be almost impossible to detect.”

Did this make it out into the wild?

I know what you're thinking.  "Is this code still out there?  How many systems were impacted by this?"

What we know: This bit of naughty code was released to at least one machine (used by a UNIX support group). This has been confirmed by Ken, himself.

However, it is believed that the code went no further than that machine.

But... do we know for sure?

Do we actually have a high level of confidence that the modified “cc” and “login” went no further than that support group UNIX box?

No. No, we do not.

In fact, according to Eric S. Raymond

“[I have] heard two separate reports that suggest that the crocked login did make it out of Bell Labs, notably to BBN, and that it enabled at least one late-night login across the network by someone using the login name “kt”.”

BBN.  That's Raytheon.  A critical DARPA researcher -- one which was instrumental in the early days of ARPANET.  A huge amount of software came out of BBN.  Heck, even the first Text Adventure game came from there.

If UNIX machines at Raytheon BBN were infected... the possibility of infected versions of those files making it to other sites is incredibly high.

Truly wild

Which leads to a (rather amusing, and mildly terrifying) bit of historical trivia:

Ken Thompson — one of the co-creators of UNIX — intentionally created a trojan horse that infected both the C compiler and the “login” program of UNIX systems.

What’s more… it went undetected for years.  We wouldn't even have known about it, if he hadn't told us he created it.

And we truly have no clue how widespread that trojan became.

community logo
Join the Lunduke Community
To read more articles like this, sign up and join my community today
22
What else you may like…
Videos
Podcasts
Posts
Articles
Bryan Lunduke@Lunduke
18 hours ago
Internet Archive Reaches Secret Settlement with Universal Music

Internet Archive Founder, Brewster Kahle, was the final hold-out in reaching a settlement. Which is being kept confidential.

More from The Lunduke Journal:
https://lunduke.com/

00:10:54
Reply
Bryan Lunduke@Lunduke
September 16, 2025
CTO of Microsoft Azure: "USA is Fascist Regime"

Microsoft employees chanting "Go away, Jews!" Then Microsoft employees praising the murder of Charlie Kirk. Now the Microsoft Chief Technical Officer of Azure attacks the USA & Trump.

More from The Lunduke Journal:
https://lunduke.com/

00:09:50
Reply
Bryan Lunduke@Lunduke
September 16, 2025
New Lunduke Journal Sub Perks, Lifetime Price Increase Next Week

DRM-Free PDF eBooks, games, an Exclusive Forum, and other goodies for Lunduke Journal Subscribers.

The details:
https://lunduke.locals.com/post/7279764/new-lunduke-journal-sub-perks-lifetime-price-increase-next-week

More from The Lunduke Journal:
https://lunduke.com/

00:06:16
Reply
Bryan Lunduke@Lunduke
November 22, 2023
The futility of Ad-Blockers

Ads are filling the entirety of the Web -- websites, podcasts, YouTube videos, etc. -- at an increasing rate. Prices for those ad placements are plummeting. Consumers are desperate to use ad-blockers to make the web palatable. Google (and others) are desperate to break and block ad-blockers. All of which results in... more ads and lower pay for creators.

It's a fascinatingly annoying cycle. And there's only one viable way out of it.

Looking for the Podcast RSS feed or other links? Check here:
https://lunduke.locals.com/post/4619051/lunduke-journal-link-central-tm

Give the gift of The Lunduke Journal:
https://lunduke.locals.com/post/4898317/give-the-gift-of-the-lunduke-journal

The futility of Ad-Blockers
Reply
Bryan Lunduke@Lunduke
November 21, 2023
openSUSE says "No Lunduke allowed!"

Those in power with openSUSE make it clear they will not allow me anywhere near anything related to the openSUSE project. Ever. For any reason.

Well, that settles that, then! Guess I won't be contributing to openSUSE! 🤣

Looking for the Podcast RSS feed or other links?
https://lunduke.locals.com/post/4619051/lunduke-journal-link-central-tm

Give the gift of The Lunduke Journal:
https://lunduke.locals.com/post/4898317/give-the-gift-of-the-lunduke-journal

openSUSE says "No Lunduke allowed!"
Reply
Bryan Lunduke@Lunduke
September 13, 2023
"Andreas Kling creator of Serenity OS & Ladybird Web Browser" - Lunduke’s Big Tech Show - September 13th, 2023 - Ep 044

This episode is free for all to enjoy and share.

Be sure to subscribe here at Lunduke.Locals.com to get all shows & articles (including interviews with other amazing nerds).

"Andreas Kling creator of Serenity OS & Ladybird Web Browser" - Lunduke’s Big Tech Show - September 13th, 2023 - Ep 044
Reply
2disbetter@2disbetter
17 hours ago

You all, I think, will be very proud of me. All of my computers in the house, other than my desktop are now running Omarchy or Open Mandriva Linux.

Microsoft is so disgusting right now that I just can't not be using Linux.

I mean I am probably one of the most hardcore Windows developers on here. I still think a lot of my points are valid, but Microsoft is just so ethically bad that I can't support them willingly. I have to use Windows at work and development focuses on it in some cases.

BUT, I have already released 3 Linux based applications of my own, and that is something I NEVER thought I would do.

It is a crazy world.

https://github.com/2disbetter/

DHH backing Omarchy is the kind of support I was hoping would come to a desktop Linux distro. That it is Arch and uses Hyprland just makes me smile. I of course support xlibre, but I just really like Hyprland.

Anyway, figured this crowd would find all of this as ironic as I do. Hope you all are having a rad day!

Reply
PlebOne@PlebOne
21 hours ago

Hey @Lunduke , I pinged you on X but not sure if you'll see it, so I'll share here.

There seems to be a small uprising on Bluesky to get DHH disassociated from Ruby on Rails, if you just go on BlueCry and search DHH you'll see the discussions. Don't know if it actually has legs.

Reply
leebase@leebase
18 hours ago

Tech Writers and Their Horrible Reviews

Its review season as Apple’s new iPhones and AirPods Pro Gen 3 are out in the wild. So many reviewers vying to get their content out there. And I appreciate the effort most of the time. Ok, SOME of the time.

First annoyance are “first look” reviews that add nothing of value above what was put out by Apple PR. But if “First Look” or “Unboxing” is in the title, you know what you are in for.

I save most of my ire for tech reviewers writing about photo, video or sound. These are the worst quality reviews IMNSHO. So much time wasted on technical detail and testing…by people who don’t know beans about photography, video or music.

I pay attention to photographers who take the time to use a smartphone in the field, for their work. Some talentless shutter clicker who takes the same uninspired photo using 5 different cameras, then pixel peeping to declare which one was “the winner” is useless.

Austin Mann has year in and out created some of the ...

Reply
Bryan Lunduke@Lunduke
7 hours ago
Final Reminder: Lifetime Price Increase in 24 hours

This is just a super quick reminder (so no body misses out):

This Friday (September 19th), the price of a new Lifetime Subscription to The Lunduke Journal will be increasing from $200 to $300.

Which means: If you want to pick up a new Lifetime Subscription for the lower price, simply grab one (via Locals, Substack, or Bitcoin) by Thursday night (Sep 18th). That’s roughly 24 hours from the moment I am writing these words.

Obviously, once you have a Lifetime Subscription you’re set. You know. For life.

I wanted to give all of you some notice so you could grab one at the lower rate.

Also worth noting: The Lunduke Journal has phased out sales and discount promotions. The current price of a subscription is the best price.

This will be the final reminder before the change goes into effect.

-Lunduke

Read full Article
Reply
Bryan Lunduke@Lunduke
September 15, 2025
post photo preview
Lunduke Livestream: Tue, Sep 16 at 1pm Eastern

The Lunduke Journal regular live-streaming is back! The next show is Tuesday, September 16th (tomorrow) at 1pm Eastern (10am Pacific, 5pm UTC).

You can catch the live video, for free, on X, Rumble, YouTube, & Locals.

We’ve got a lot of Tech News to cover — and who knows what stories will pop up between now and then!

Time permitting, we’ll also be doing a little Nerdy Q & A. So, if you’ve got something you’d like to ask, join us in one of the chat rooms!

Also, quick reminder that the price of new Lifetime Subscription is going up this Friday. If you want one at the lower price, now’s your moment. We’ve also added some new perks for subscribers worth checking out.

See you nerd tomorrow!

-Lunduke

Read full Article
Reply
Bryan Lunduke@Lunduke
September 14, 2025
New Lunduke Journal Sub Perks, Lifetime Price Increase Next Week

A quick update: There are some new perks for Lunduke Journal subscribers, and an upcoming price increase for new Lifetime Subscriptions (if you want one of those at the lower price, you have a couple days).

All the details below.

Lifetime Subscription Price Increase

This coming Friday (September 19th), the price of a new Lifetime Subscription to The Lunduke Journal will be increasing from $200 to $300. I wanted to give all of you a few days notice so you could grab one at the lower rate.

If you want to pick up a Lifetime Subscription for the lower price, simply grab one (via Locals, Substack, or Bitcoin) by Thursday night (Sep 18th).

The prices for new Yearly and Monthly subscriptions will remain the same. No changes.

Reminder: The Lunduke Journal has phased out sales and discount promotions. The current price of a subscription is the best price.

New Perks for Lunduke Journal Subscribers

I am working on adding a few new perks for Lunduke Journal subscribers — a way of saying “Thank You” for making this work possible (while still keeping all of the articles and shows free for the world).

Here are the perks as of today.

Perks for all Subscribers (Monthly, Yearly, and Lifetime):

Note: The eBooks & Games are currently only available on Locals & Substack (due to platform features). Those perks will also become available to subscribers on X, YouTube, & Patreon next week. Stay tuned for access details.

Additional (Optional) Perks only for Lifetime Subscribers:

  • The Lunduke Journal will follow your account on X.

  • Your name (real, or internet handle) listed in a special thanks slide at the end of new Lunduke Journal videos.

Both of these perks are 100% optional.

If you are a Lifetime Subscriber, and would like to take advantage of either (or both), simply email “bryan at lunduke.com” with the subject line “Lifetime Perk” (that part is important, I get so many emails this will help me see yours) and include a link to your X profile and/or the way you want your name to appear at the end of videos.

One of the nice parts of having Lunduke Journal follow your X account… is it will make it far easier (and more likely) for me to see your comments.

Thank You

I am working to expand all of the regular perks (books, etc.) to subscribers across all platforms (which was a little tricky, considering the differences in each platform, but I managed to figure out how to do it) — while adding a few new ones as well.

Nothing crazy, just a way of saying “Thank You”.

Seriously.

From the bottom of my heart, thank you for your support. The Lunduke Journal is only possible thanks to each and every one of you.

-Lunduke

Read full Article
Reply
See More
Available on mobile and TV devices
google store google store app store app store
google store google store app tv store app tv store amazon store amazon store roku store roku store
Powered by Locals