/trust

Reflections on Trusting Trust Demo

Primary LanguageC

trust

  • First, compile compiler-clean.c normally (cc compiler-clean.c -o compiler-clean)
  • ./compiler-clean input_file out_file takes in the input_file, "compiles it", and gives the binary out_file (actually just passes it to gcc)
  • This is now our main compiler and is innocent.
  • Now, compile auth.c (./compiler-clean auth.c -o auth)
  • ./auth only authorizes if you run as root
  • Compile compiler-trojan.c using the compiler (./compiler-clean compiler-trojan.c compiler-trojan)
  • Now if we use it to compile auth.c (./compiler-trojan auth.c auth), it will give us access even if we are not root.

Now,

  • Compile compiler-clean.c using the malicious compiler (compiler-trojan compiler-clean.c compiler-clean)
  • We can throw away compiler-trojan.c and compiler-trojan and pretend like nothing ever happened.
  • Now, if we use our new compiler-clean (which is actually not-so-clean) to compile auth.c (compiler-clean auth.c -o auth), we see that it gives us access even if we are not root.

Moral: We can't trust our compiler.

Resources: