Re: Auditing Source Code for Backdoors

[Major Variola (ret)]

Bill Franz:  look at the IBM research report "Thirty years later: lesons
from the multics security evaulation"
paper by Karger & Schell.  They describe successfully inserting
backdoors into an OS.
The back doors were distributed (incl. to P-gon) and only discovered a
year later.

Cheers

Auditing Source Code for Backdoors

[Bill Frantz]

I have been asked to audit some source code to see if the programmer
inserted a backdoor.  (The code processes input from general users, and has
access to the bits that control the privilege levels of those users, so
backdoors are quite possible.)  The question I have is what obscure
techniques should I be on the lookout for.  Besides the obvious /* Begin
backdoor code */ of course.  :-)  The code is in ANSI C.

Cheers - Bill


-
Bill Frantz   | The principal effect of| Periwinkle -- Consulting
(408)356-8506 | DMCA/SDMI is to prevent| 16345 Englewood Ave.
[EMAIL PROTECTED] | fair use.  | Los Gatos, CA 95032, USA