Re: TBTF for 1999-10-05: Offlist

Dave Long (dl@silcom.com)
Thu, 07 Oct 1999 11:01:38 -0700


> The whole issue illustrates once again that one cannot trust complex
> tools. Forth tools are small enough that you can read them in source,
> compilers included. You need to be very smart to hide anything in
> there.

Except he was being very smart: the trojan was only in the source for
one pass; by the second pass it was only in the binaries, where it
wouldn't have been so obvious. (reread the string escape escapades)

I don't know enough about Forth metacompilation to speak with
reasonable accuracy, but the same trick should be possible:

Start with a forth. Modify a suitable defining word so that it
recognizes its word and your target word, and tosses a (dotrojan)
instead of (docol) into the CFA for those words. Your trojans will
be visible in source. Metacompile to forth'. Trojans are now in
source and in binary. Remove the evidence from the source, and
metacompile again, to forth''. Now, as long as forth'' (or its
descendants) are used to metacompile, your trojans should propagate,
through the binaries.

-Dave

lame compile-time self-rep:
> cat - > foo.x
ld:foo.x: file format not recognized; treating as linker script
ld:foo.x:1: parse error
> gcc foo.x
ld:foo.x: file format not recognized; treating as linker script
ld:foo.x:1: parse error
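An added toy model of the forth -> forth' -> forth'' propagation described in the message (this is example code written here, not Dave's and not any real Forth). It assumes a made-up two-word target (the defining word ":" and "login") and reduces a "binary" to a dict of code-field tags; it also includes the check a defender would want: compile the same clean source with the suspect image and with an independently built image and diff the results.

```python
# Toy model (not from the message): a "Forth image" is a dict mapping each
# word to the code-field tag its colon definition received. Source is a list
# of (word, body) pairs; a body of "(dotrojan)" is a trojan visible in source.
DOCOL, DOTROJAN = "(docol)", "(dotrojan)"
DEFINER, TARGET = ":", "login"     # assumed defining word and target word

def metacompile(host, source):
    """Build a new image from `source` using the defining word of `host`.
    The DOTROJAN tag on the host's ':' stands in for the behaviour a real
    (dotrojan) code field would carry: recognise ':' and the target word."""
    host_definer_is_trojaned = host.get(DEFINER) == DOTROJAN
    image = {}
    for word, body in source:
        if body == DOTROJAN:
            cfa = DOTROJAN                  # trojan written in the source
        elif host_definer_is_trojaned and word in (DEFINER, TARGET):
            cfa = DOTROJAN                  # host's ':' re-inserts it silently
        else:
            cfa = DOCOL
        image[word] = cfa
    return image

# Constructed sample sources: the poisoned one differs only in the ':' body.
CLEAN_SOURCE = [(DEFINER, "create the word and compile its body"),
                (TARGET, "check the password"),
                ("ls", "list the dictionary")]
POISONED_SOURCE = [(DEFINER, DOTROJAN)] + CLEAN_SOURCE[1:]

def propagate():
    """Replay the metacompilations from the message and return every stage."""
    forth0 = metacompile({}, CLEAN_SOURCE)          # clean bootstrap image
    forth1 = metacompile(forth0, POISONED_SOURCE)   # trojan in source and binary
    forth2 = metacompile(forth1, CLEAN_SOURCE)      # source cleaned, binary still trojaned
    forth3 = metacompile(forth2, CLEAN_SOURCE)      # descendants inherit it
    return forth0, forth1, forth2, forth3

def diverse_double_compile(suspect, trusted, source):
    """Compile identical source with a suspect and an independent trusted image.
    Any word whose code field differs is a compiler bug or a trojan."""
    mine, theirs = metacompile(suspect, source), metacompile(trusted, source)
    return {word for word in mine if mine[word] != theirs[word]}

if __name__ == "__main__":
    f0, f1, f2, f3 = propagate()
    print("forth'' compiled from clean source:", f2)
    print("words that differ from an independent build:",
          diverse_double_compile(f2, f0, CLEAN_SOURCE))
```

Reading the clean source reveals nothing; only comparing forth''s output against an independently built image exposes the two altered words.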