diff --git a/slides/trusting-make.pdf b/slides/trusting-make.pdf
index eee6757..98c64fc 100644
Binary files a/slides/trusting-make.pdf and b/slides/trusting-make.pdf differ
diff --git a/slides/trusting-make.tex b/slides/trusting-make.tex
index c96316b..638bbf7 100644
--- a/slides/trusting-make.tex
+++ b/slides/trusting-make.tex
@@ -152,8 +152,8 @@ Compilers carry knowledge obtained from their source across hereditary binaries.
 \pause
 \begin{enumerate}
-\item If you compile yourself, self-reproduce.
-\item If you compile login(1), backdoor it.
+\item If you compile yourself, self-reproduce. \pause
+\item If you compile \texttt{login(1)}, make it misbehave.
 \end{enumerate}
 \end{center}
 \end{frame}
@@ -165,11 +165,11 @@ Compiler Source \textit{CS} $\longrightarrow$ \textit{X} $\longrightarrow$ Compi
 Backdoored Compiler Source $\longrightarrow$ \textit{C} $\longrightarrow$ \textcolor{orange}{Backdoored Compiler \textit{BC}} \pause
-\textit{CS} $\longrightarrow$ \textcolor{orange}{\textit{BC}} $\longrightarrow$ \textcolor{red}{Self-Replicating Backdoored Compiler \textit{KBC'}} \pause
+\textit{CS} $\longrightarrow$ \textcolor{orange}{\textit{BC}} $\longrightarrow$ \textcolor{red}{Self-Replicating Backdoored Compiler \textit{SRBC'}} \pause
-\textit{CS} $\longrightarrow$ \textcolor{red}{\textit{KBC'}} $\longrightarrow$ \textcolor{red}{\textit{KBC''}} \pause
+\textit{CS} $\longrightarrow$ \textcolor{red}{\textit{SRBC'}} $\longrightarrow$ \textcolor{red}{\textit{SRBC''}} \pause
-Program Source \textit{S} $\longrightarrow$ \textcolor{red}{\textit{KBC}} $\longrightarrow$ \textcolor{red}{\textbf{Backdoored Program}}
+Program Source \textit{S} $\longrightarrow$ \textcolor{red}{\textit{SRBC}} $\longrightarrow$ \textcolor{red}{\textbf{Backdoored Program}}
 \end{center}
 \end{frame}
@@ -208,7 +208,10 @@ Demonstration
 \begin{frame}[fragile,c]{Implementation details}
 \begin{center}
-\texttt{/usr/src/usr.bin/make/engine.c}
+\texttt{/usr/src/usr.bin/make/engine.c}
+
+\pause
+
 \begin{itemize}
 \item \mintinline{c}{bool do_run_command(Job *job, const char *pre)}
 \item \mintinline{c}{job->node->name}
@@ -316,10 +319,10 @@ Detection
 \begin{center}
 \pause
 \begin{itemize}
-\item btrace
-\item ktrace
-\item gdb
-\item radare2
+\item btrace \pause
+\item ktrace \pause
+\item gdb \pause
+\item radare2 \pause
 \end{itemize}
 \end{center}
 \end{frame}
@@ -329,6 +332,8 @@ Detection
 David A. Wheeler PhD dissertation\footnote{\url{https://dwheeler.com/trusting-trust/}}
+\pause
+
 Compiler Source Code \textcolor{ProcessBlue}{\textit{CS}} $\longrightarrow$ \textcolor{orange}{\textit{X}} $\longrightarrow$ Compiler \textcolor{orange}{\textit{X1}} \pause
 \textcolor{ProcessBlue}{\textit{CS}} $\longrightarrow$ \textcolor{purple}{\extit{Y}} $\longrightarrow$ Compiler \textcolor{purple}{\extit{Y1}} \pause
@@ -351,6 +356,17 @@ Are \textcolor{orange}{\textit{X2}} and \textcolor{purple}{\textit{Y2}} binary e
 \end{center}
 \end{frame}
+\begin{frame}[fragile,c]{Conclusion}
+\begin{center}
+\begin{itemize}
+
+Thompson's backdoor is still powerful and cheap to implement, 48 years after the Multics security audit.
+
+\end{itemize}
+\end{center}
+\end{frame}
+
+
 \begin{frame}[standout]
 Let's discuss!
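Review bot: In the Detection hunk (`@@ -316,10 +319,10 @@`), the `\pause` after the last item has nothing left to reveal and will likely add a duplicate final overlay to the frame; the line should read `\item radare2`. The list also names four tools without saying what each is expected to show, so a short comment or speaker note per item would help. It is worth adding the caveat that tracers and debuggers run on the same host may themselves have been built by the toolchain under suspicion, which is why the independent check on the following frame matters. The frame starts before this hunk.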
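Review bot: In the Wheeler hunk (`@@ -329,6 +332,8 @@`), the unchanged line for compiler Y uses `\extit{Y}` and `\extit{Y1}`, which as shown is an undefined control sequence and will raise an error or drop the italics when the frame is built. Both should match the X line above: `\textcolor{purple}{\textit{Y}}` and `\textcolor{purple}{\textit{Y1}}`. The commit only adds a `\pause` to this frame, so the typo is left in place. The frame begins and ends outside the hunk.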
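Review bot: The new Conclusion frame (`@@ -351,6 +356,17 @@`) places its sentence directly inside `\begin{itemize}` with no `\item`, which LaTeX reports as an error ("perhaps a missing \item"). Either write `\item Thompson's backdoor is still powerful and cheap to implement, 48 years after the Multics security audit.` or drop the `itemize` pair. The `fragile` option is not needed, since the frame holds no verbatim or `\mintinline` content; `\begin{frame}[c]{Conclusion}` is enough. The reference to the Multics security audit carries no citation, and a `\footnote` naming the source, as on the Wheeler frame, would let the audience check the claim. The standout frame that follows continues past the visible text.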