Re: Left off the ballot?

From: Douglas W. Jones <jones_at_cs_dot_uiowa_dot_edu>
Date: Wed Apr 14 2004 - 10:09:42 CDT

On Apr 14, 2004, at 9:41 AM, Alan Dechert wrote:

>> Ah, nice to see the criminal mind at work.
>>
> The trick will be to put this in open source in such a way that no one
> will
> catch it.

I'm certain that almost anything can be hidden in a moderate to large
program in such a way that it won't be easily noticed. Furthermore,
open source software doesn't guarantee that anyone will read it, and it
may take several readers before someone notices the Trojan. Consider
the backdoor someone tried to insert in Linux where the first few
readers only saw an unnecessary check on an obvious boolean, and it
was only later that someone noticed that one of the comparisons was done
with a single = instead of two ==, so it was really an assignment,
and this assignment happened to set the effective user ID to root!
This came within a hairsbreadth of getting into Linux.

                Doug Jones
                jones@cs.uiowa.edu
==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Fri Apr 30 23:17:05 2004

This archive was generated by hypermail 2.1.8 : Fri Apr 30 2004 - 23:17:29 CDT