On Sat, Jun 23, 2007 at 08:35:19AM -0700, krith htirk wrote: > Hi, > > I've been told that a developer of gcc, in the early stages, put a > security hole that allowed him complete access to any computer running > unix, as gcc was included in unix, and that it stayed that way until he > decided to tell everyone and patch it. > > I don't believe him, but I couldn't find any information about that in the > internet deniying it. That's why I came here to confirm that it never > happened. > > Sorry for my bad English and thank you. > > Regards. >
A very similar thing has actually happened, but not with gcc (not that I know of anyway.) Ken Thompson (one of the original creators of Unix) *did* put such a hack into their C compiler which would automatically add backdoor code when it compiled the 'login' program. This was many years ago and AFAIK the hacked Unix version was never released into the wild. You can read more about this hack at http://en.wikipedia.org/wiki/Thompson_hack or http://www.acm.org/classics/sep95/ -- <Insert your favourite quote here.> Erik Trulsson [EMAIL PROTECTED]
