I have been asked to audit some source code to see if the programmer
inserted a backdoor. (The code processes input from general users, and has
access to the bits that control the privilege levels of those users, so
backdoors are quite possible.) The question I have is what obscure
techniques should I be on the lookout for. Besides the obvious /* Begin
backdoor code */ of course. :-) The code is in ANSI C.
Cheers - Bill
-
Bill Frantz | The principal effect of| Periwinkle -- Consulting
(408)356-8506 | DMCA/SDMI is to prevent| 16345 Englewood Ave.
[EMAIL PROTECTED] | fair use. | Los Gatos, CA 95032, USA