学习UNIX，得知THOMPSON与他的这篇很惊人的感言，通过翻译软件，努力看懂，然后记录，突然觉得有点慌，努力学coding，认真学法律条例。

关于托付信任的思考

INTRODUCTION
STAGE I
STAGE II
STAGE III
MORAL
Acknowledgment 致谢
REFERENCES 参考文献
笔记

一个人应该在何种程度上相信宣称一个程序不包含木马的陈述呢？或许更重要的是信任编写软件的人。
To what extent should one trust a statement that a program is free of Trojan horses? Perhaps it is more important to trust the people who wrote the software.
——Kenneth Lane Thompson

INTRODUCTION

——摘要：表示谦虚&引出有趣的程序

I thank the ACM for this award. I can’t help but feel that I am receiving this honor for timing and serendipity（偶然性） as much as technical merit. UNIX swept into popularity（普及） with an industry-wide change（全行业变化） from central main frames（中央主机） to autonomous minis. （自动化微机）I suspect that Daniel Bobrow would be here instead of me if he could not afford a PDP-10 and and had to “settle” for a PDP-11.[Daniel Bobrow的原文注释见参考1，（TENEX: a paged time sharing system for the PDP-10）这里应该是一个有趣的故事，但我没有搜到。] Moreover, the current state of UNIX is the result of the labors of a large number of people.

There is an old adage, “Dance with the one that brought you（与带你来的人一同起舞）,” which means that I should talk about UNIX. I have not worked on mainstream UNIX in many years, yet I continue to get undeserved credit for the work of others. （我已经很多年没有在主流UNIX上工作了，但我仍然因为别人的工作而受到不应有的赞扬。）Therefore, I am not going to talk about UNIX, but I want to thank everyone who has contributed.

That brings me to Dennis Ritchie. Our collaboration（合作） has been a thing of beauty. In the ten years that we have worked together, I can recall only one case of miscoordination（不协调） of work. On that occasion, I discovered that we both had written the same 20-line assembly（组装、集会） language program（汇编语言程序）. I compared the sources and was astounded（惊愕） to find that they matched character-for-character. The result of our work together has been far greater than the work that we each contributed.

I am a programmer. On my 1040 form, that is what I put down as my occupation. As a programmer, I write programs. I would like to present to you the cutest（有趣的） program I ever wrote. I will do this in three stages and try to bring it together at the end.

STAGE I

——摘要：最短的自复制程序，必要的technique

In college, before video games, we would amuse（使…娱乐） ourselves by posing programming exercises.[以编写程序为乐，什么境界啊!!!] One of the favorites was to write the shortest self-reproducing（复制、再生产） program(最短的自复制程序). Since this is an exercise divorced(adj. 脱离…的) from reality, the usual vehicle(工具) was FORTRAN. Actually, FORTRAN was the language of choice for the same reason that three-legged races(二人三足比赛) are popular.

[尝试搜索典故，只发现了一些quote的海报。嗯，现在是名言名句了。]https://quotefancy.com/ken-thompson-quotes

More precisely（确切） stated, the problem is to write a source program that, when compiled and executed, will produce as output an exact copy of its source. If you have never done this, I urge you to try it on your own. The discovery of how to do it is a revelation（启示） that far surpasses（胜过） any benefit obtained by being told how to do it.（发现该怎么做到这件事的过程中得到的启示远远超过被告知该怎么做时你能获得的任何好处。） The part about “shortest” was just an incentive（激励） to demonstrate（展示） skill and determine a winner.

Figure 1 shows a self-reproducing program in the C programming language. (The purist （正统主义者） will note that the program is not precisely a self-reproducing program, but will produce a self-reproducing program.（生成一个自复制程序的程序）) This entry(进入、参赛作品，这里应该是程序） is much too large to win a prize, but it demonstrates(演示) the technique and has two important properties that I need to complete my story:
(1) This program can be easily written by another program.这个程序很容易用另一个程序写出。
(2) This program can contain an arbitrary amount of excess baggage that will be reproduced along with the main algorithm. 这个程序可以包含任意量的冗余部分，与主算法一同被复制。
In the example, even the comment is reproduced.
注释：字符串s表示从“0”到结尾的程序主体。

STAGE II

——摘要：one of many problems :单个字符被转义，代表不被打印的字符。
解释字符转义序列的代码的理想化code，完全可移植性的方式，解释何种字符被编译成换行，可以重编译itself，并永久保持。

The C compiler is written in C. What I am about to describe is one of many “chicken and egg” problems that arise when compilers are written in their own language. In this ease, I will use a specific example from the C compiler.

C allows a string construct to specify（指明） an initialized character array. The individual characters in the string can be escaped（不是避开，这里指的是转义） to represent unprintable characters. For example,“Hello world\n” represents a string with the character “\n,” representing the new line character.

··· Figure 2.1
c = next();
if(c!='\\')return(c);
c = next();
if(c == '\\')return('\\');
if(c == 'n')return('\n');
···

Figure 2.1 is an idealization(理想化) of the code in the C compiler that interprets（解释） the character escape sequence(字符转义序列）. This is an amazing piece of code. It “knows” in a completely portable(可移植的) way what character code is compiled for a new line in any character set. The act of knowing then allows it to recompile itself, thus perpetuating（使永久化） the knowledge.
解释字符转义序列的代码的理想化code，完全可移植性的方式，解释何种字符被编译成换行，可以重编译itself，并永久保持。

··· Figure 2.2
c = next();
if(c!='\\')return(c);
c = next();
if(c == '\\')return('\\');
if(c == 'n')return('\n');
if(c == 'v')return('\v');
···

Suppose we wish to alter the C compiler to include the sequence “\v” to represent the vertical tab character（垂直制表符）. The extension（延伸，这里可以指增加） to Figure 2.1 is obvious and is presented in Figure 2.2. We then recompile the C compiler, but we get a diagnostic(诊断提示(计算机错误的显示)). Obviously, since the binary version of the compiler does not know about “\v,” the source is not legal C. We must “train” the compiler.二进制版本的编译器不知道'\v'，报错，所以重新‘训练’编译器，train更适用于深度学习领域。 After it “knows” what “\v” means, then our new change will become legal C. We look up on an ASCII chart that a vertical tab is decimal 11. We alter our source to look like Figure 2.3. Now the old compiler accepts the new source. We install the resulting binary as the new official C compiler and now we can write the portable version the way we had it in Figure 2.2. a vertical tab is decimal 11.

··· Figure 2.3
c = next();
if(c!='\\')return(c);
c = next();
if(c == '\\')return('\\');
if(c == 'n')return('\n');
if(c == 'v')return(11);
···

This is a deep concept. It is as close to a “learning” program as I have seen. You simply tell it once, then you can use this self-referencing definition.learning:tell it once, then can use.

STAGE III

Again, in the C compiler, Figure 3.1 represents the high-level control of the C compiler where the routine(常规） “compile” is called to compile the next line of source（常规编译被调用来编译下一行）. Figure 3.2 shows a simple modification（简单修改） to the compiler that will deliberately miscompile source whenever a particular pattern is matched（使之匹配到特定模式match(s, "pattern")时，故意错误编译源代码）. If this were not deliberate, it would be called a compiler “bug.” Since it is deliberate, it should be called a “Trojan horse.”（特洛伊木马）
仅仅是简单的修改，就能miscompile，bug若是故意为之，便是木马。

···Figure 3.1
compile(s)
char *s;
{…
}

···Figure 3.2
compile(s)
char *s;
{if(match(s, "pattern")) {compile ("bug");return;}...
}

The actual bug I planted in the compiler would match code in the UNIX “login” command. The replacement code would miscompile the login command so that it would accept either the intended预定的 encrypted password or a particular known password. Thus if this code were installed in binary and the binary were used to compile the login command, I could log into that system as any user.
我在编译器植入的实际bug，可以匹配UNIX的‘login’命令的代码。这个替换代码可能会错误编译login命令，因此它既可以接受预定的加密密码，又可以接受特定的一直口令。因此如果这段代码被放入二进制文件，二进制代码又被用来编译login命令，我可以登录系统as any user。

Such blatant（明目张胆的) code would not go undetected for long. Even the most casual(随意的) perusal仔细阅读 of the source of the C compiler would raise suspicions（怀疑）.

···Figure 3.3
compile(s)
char *s;
{if(match(s, "pattern1")) {compile ("bug1");return;}if(match(s, "pattern2")) {compile ("bug2");return;}...
}

The final step is represented in Figure 3.3. This simply adds a second Trojan horse to the one that already exists在原有木马的基础上添加了第二个木马. The second pattern is aimed at the C compiler. The replacement code is a Stage I self-reproducing program that inserts both Trojan horses into the compiler. This requires a learning phase(train) as in the Stage II example. First we compile the modified source with the normal C compiler to produce a bugged binary. We install this binary as the official C. We can now remove the bugs from the source of the compiler and the new binary will reinsert the bugs whenever it is compiled. Of course, the login command will remain bugged with no trace in source anywhere.
首先我们编译修改过的源代码，利用普通的C编译器，从而长生一个有bug的二进制文件。我们把这个二进制文件作为官方C语言。现在我们就可以去掉编译器源代码中的bug，而新的二进制文件会在它被编译时重新插入这个bug。当然，登录命令也会保留下bug，并且源代码没有痕迹。

MORAL

The moral is obvious. You can’t trust code that you did not totally create yourself. (Especially code from companies that employ people like me.) No amount of source-level verification（源代码层面的审核） or scrutiny（检查） will protect you from using untrusted code. 你不能信任任何不是完全由你自己写的代码（特别是来自那些雇了像我这种人的公司的代码）。在源代码层面的审核和检查无论多少都不能保护你免受不可信的代码的威胁。In demonstrating（展示） the possibility of this kind of attack, I picked on the C compiler. I could have picked on any program-handling program such as an assembler汇编器, a loader, or even hardware microcode. As the level of program gets lower, these bugs will be harder and harder to detect.随着程序级别的降低，这些错误将越来越难检测。 A well installed microcode bug （微代码层面隐藏的很好的bug）will be almost impossible to detect.

After trying to convince you that I cannot be trusted, I wish to moralize. I would like to criticize the press in its handling of the “hackers,”(批判媒体对黑客的处理） the 414 gang, the Dalton gang, etc. The acts performed by these kids are vandalism故意破坏 at best and probably trespass and theft侵入和盗窃 at worst. It is only the inadequacy of the criminal code刑法典的不完善 that saves the hackers from very serious prosecution起诉. The companies that are vulnerable脆弱 to this activity (and most large companies are very vulnerable) are pressing hard to致力于 update the criminal code. Unauthorized access to computer systems is already a serious crime in a few states and is currently being addressed in many more state legislatures立法机关 as well as Congress国会.

press:
n.报刊，媒体；
v. 致力于，施加压力；

There is an explosive situation brewing（酿造，这里有爆炸性的情况正在酝酿）. On the one hand, the press, television, and movies make heroes of vandals 破坏者 by calling them whiz kids. On the other hand, the acts performed by these kids will soon be punishable by years in prison.一方面，媒体，电视，电影把做了这些行为的孩子称为小天才。另一方面，这些孩子们所做的行为很快就可以以多年监禁作为惩罚。

I have watched kids testifying证词 before Congress. It is clear that they are completely unaware of the seriousness of their acts. There is obviously a cultural gap文化断层. The act of breaking into a computer system has to have the same social stigma（耻辱，这里指恶行） as breaking into a neighbor’s house.入侵计算机系统需要在社会上被看作与如今邻居家房子相同的恶行。 It should not matter that the neighbor’s door is unlocked.这与他家的门有没有关好没有关系。 The press must learn that misguided use of a computer is no more amazing than drunk driving of an automobile.

Acknowledgment 致谢

I first read of the possibility of such a Trojan horse in an Air Force critique [4] of the security of an early implementation of Multics. I cannot find a more specific reference to this document. I would
appreciate it if anyone who can supply this reference would let me know.
我在空军对早期实施Multics的安全性的一次评论中首次读到了这种特洛伊木马的可能性。我找不到对该文件的更具体的引用。如果有人能提供此参考资料，我将不胜感激。

REFERENCES 参考文献

Bobrow, D.G., Burchfiel, J.D., Murphy, D.L., and Tomlinson, R.S. TENEX, a paged time-sharing system for the PDP-10. Commun. ACM 15, 3 {Mar. 1972}, 135-143.
Kernighan, B.W., and Ritchie, D.M. The C Programming Language. Prentice-Hall, Englewood Cliffs, N.J., 1978.
Ritchie, D.M., and Thompson, K. The UNIX time-sharing system. Commun. ACM 17, 0uly 1974), 365-375.
Unknown Air Force Document.

Author’s Present Address: Ken Thompson, AT&T Bell Laboratories. Room 2C-519. 600 Mountain Ave .• Murray Hill, NJ 07974.

Permission to copy without fee all or part of this material is granted provided that the copies are not made or distributed for direct commercial advantage, the ACM copyright notice and the title of the publication and its date appear, and notice is given that copying isby permission of the Association for Computing Machinery. To copyotherwise. or to republish. reqUires a fee and/or specific permission.

参考原文：https://dl.acm.org/doi/pdf/10.1145/358198.358210

笔记

You can’t trust code that you did not totally create yourself.
As the level of program gets lower, these bugs will be harder and harder to detect.
It is only the inadequacy of the criminal code that saves the hackers from very serious prosecution.
The act of breaking into a computer system has to have the same social stigma as breaking into a neighbor’s house. It should not matter that the neighbor’s door is unlocked.

Reflections on Trusting Trust（关于托付信任的思考）相关推荐

辛湜推荐的数据库领域的一些学习材料
之前林仕鼎曾整理过系统架构领域的学习资料,这几天Spark核心团队成员辛湜(Reynold Xin)公开了他整理的一份数据库学习资料列表,很有价值,Hacker News上引起了不少讨论.简要编译如下 ...
HTTPS连接的前几毫秒发生了什么
原文地址:http://blog.jobbole.com/48369/ 提示:英文原文写于2009年,当时的Firefox和最新版的Firefox,界面也有很大改动.以下是正文. 花了数小时阅读了如潮 ...
OS X平台的Dylib劫持技术（下）
vvun91e0n · 2015/10/11 13:57 原文:www.virusbtn.com/virusbullet- 0x01 攻击跟着我们对OS X平台下的dylib劫持知识有了基础的理解以 ...
Web安全学习笔记一序章
文章目录序章 1.1 Web技术发展演化 1.1.1 简单网站 1.1.1.1 静态页面 1.1.1.2 多媒体阶段 1.1.1.3 CGI阶段 1.1.1.4 MVC 1.1.2 数据交互 1.1 ...
必读的数据库领域论文
之前林仕鼎曾整理过系统架构领域的学习资料,这几天Spark核心团队成员辛湜(Reynold Xin)公开了他整理的一份数据库学习资料列表,Hacker News上引起了不少讨论.其中的评述文字也很有价 ...
Nervos CKB 正式开源
经过接近一年的研究,设计,以及原型验证和编码工作,Nervos 基金会宣布:2018 年 11 月 28 日,Nervos CKB 项目在 Github 上正式开源. Github Repo: git ...
那些必读的数据库领域论文
点击蓝色"有关SQL"关注我哟加个"星标",天天与6000人一起快乐成长文 | 刘江总编地址 | 点击原文链接可得推荐理由:这两天在尝试搜 ...
追根溯源-C语言和Unix的发明史
追根溯源-C语言和Unix的发明史 2017-05-26 11:42 导言:偶然在网上看到此文,因其详尽和流畅的文字,转此分享给大家.尽管我们对C和Unix的历史并不陌生,尽管我们对Linux的流行视 ...
C语言和Unix的发明史
C语言和Unix的发明史 TheEdge推荐 [2006-11-14] 出处:来自网上作者:不详在计算机发展的历史上,大概没有哪个程序设计语言像C那样得到如此广泛地流行:也没有哪个操作系统像UN ...

Reflections on Trusting Trust（关于托付信任的思考）