[2022] Reviving and evaluating Thompson's backdoor in OpenBSD's make - Samuel Aubertin

38 years ago Ken Thompson presented a well-known, binary-only backdoor based on two capabilities of self-hosted compilers: self-replication and their ability to learn. Other-than-compilers system components are self-hosted, like OpenBSD's `make`: in order to build a new `make` binary from source, you need an existing `make` executable and this one may have been educated to misbehave! This talk covers the technical implementation of such backdoor and tries to evaluate trust-improving techniques for self-hosted components. Samuel AUBERTIN is a PhD student in the Systems & Software Security at EURECOM² and cybersecurity consultant for IBM in France.