Comments on the Thompson Hack

I’ve written several times (1, 2, 3) about Ken Thompson’s beautiful if terrifying hack that invisibly inserted a back door into all programs generated with the C compiler. “Invisibly” here means that there’s nothing in the C compiler’s source code that indicates what’s happening.

The other day I came across this interesting discussion of the Thompson Hack that makes it clear, in a way that Thompson’s paper did not, just how devastating the hack is. It’s a nice discussion, and anyone serious about programming or security should take a look at it. Of course, as I’ve said before, you’ll never trust your tools again.

