That Time Ken Thompson Wrote a Backdoor Into the C Compiler

Posted2 months agoActive2 months ago

thunderbong

80 points

13 comments

micahkepe.comTechstory

calmneutral

Debate

20/100

Compiler SecurityKen ThompsonTrust in Software

Key topics

Compiler Security

Ken Thompson

Trust in Software

The article discusses Ken Thompson's 1984 paper 'Reflections on Trusting Trust', which describes how he inserted a backdoor into the C compiler, and the discussion revolves around the implications and relevance of this work to modern software development and security.

Snapshot generated from the HN discussion

Discussion Activity

Light discussion

First comment

Peak period

2-4h

Avg / period

1.9

Comment distribution13 data points

Loading chart...

Based on 13 loaded comments

Key moments

01Story posted
Oct 25, 2025 at 3:03 AM EDT
2 months ago
Step 01
02First comment
Oct 25, 2025 at 4:17 AM EDT
1h after posting
Step 02
03Peak activity
4 comments in 2-4h
Hottest window of the conversation
Step 03
04Latest activity
Oct 25, 2025 at 8:18 PM EDT
2 months ago
Step 04

Generating AI Summary...

Analyzing up to 500 comments to identify key contributors and discussion patterns

Discussion (13 comments)

Showing 13 comments

turtleyacht

2 months ago

1 reply

Assigning 11 to mean "v" in the sequence "\v" sounds like replacing words (or letters) with numbers.

Is that related to Godel's idea that a system can be either complete or inconsistent?

Digit-Al

2 months ago

1 reply

"\v" is an ASCII control character, and means "vertical tab" (VT). In ASCII it is code 11, which is why they are inserting the number 11.

turtleyacht

2 months ago

Yes. In this case, it represents "teaching" the compiler something it didn't previously "know" about. But wanted to connect that to whether the computed output of a language could ever be falsifiable, i.e. we would not know it happened.

tetris11

2 months ago

1 reply

Ken Thompson's Reflections on Trusting Trust[0] was one of the motivations for Guix's single 357-byte seed (+libguile) full bootstrap[1].

0: https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_Ref...

1: https://guix.gnu.org/en/blog/2023/the-full-source-bootstrap-...

fjfaase

2 months ago

1 reply

For the 'full' graph for stage0 see: https://fransfaase.github.io/Emulator/tdiagram.html and note that it even is not completely 'full' leaving out some steps that copy file from one location to another. Use mouse or fingers to zoom and pan.

I gave a talk about this at WHY2025 which also refers to this 'Reflections on Trusting Trust' paper. On YouTube https://www.youtube.com/watch?v=akzyyO5wvm0

tetris11

2 months ago

1 reply

nice work!

kaem is a new one for me, what's its connection to mescc?

fjfaase

2 months ago

Kaem is a very minimal shell, a program that can set environment variables and start other programs using Linux system calls.

To compile GNU Mes compiler you need a minimal C compiler. Half of the steps in stage0 consist of building that minimal C compiler through a number of steps starting with a very minimal assembler. I am working on an approach that use far less steps and is easier to review than the hunderds of files that are used now.

donatj

2 months ago

1 reply

Hmm... I've read about "Reflections on Trusting Trust" a couple times including in college some twenty years ago, though never the paper itself.

I have never seen the actual examples before, but the way it's always been described to me I kind of expected more...

It was always described as completely undetectable... so my assumption was one could not find it even with a decompiler and a lot of free time...

I guess I expected for instance it to filter patterns of itself out of fread for instance, such that a system built with it literally could not detect its existence at all. I expected it to make the operating system at large lie to you.

fjfaase

2 months ago

2 replies

One can find it out with a decompiler and a lots and lots of free time. Compilers are not trivial programs, especially the ones needed to compile operating systems, with the required optimizations, and there are many ways to obfuscate code.

A better approach is to start with a small executable, one that translate hexadecimal numbers to binary, and from that build all the tools to compile a simple C compiler (such as the Tiny C Compiler, which is not very tiny), to compile the optimizing C compiler that can compile operating systems. That is the approach followed by the live-bootstrap project.

richardhenry

2 months ago

If the compromised compiler also compiles the decompiler…

colejohnson66

2 months ago

That’s what Guix did. All the way back to a 357 byte assembly code blob that turns a hex file into a binary file, and can “compile” itself.

fjfaase

2 months ago

Interesting. I reviewd the live-bootstrap project (a project to build a trusted C compiler for building Linux) in the past years, including writing a Linux on i368 simulator/interpreter, and gave a presentation about this at WHY2025.

Neywiny

2 months ago

> The idea of a Trojan horse predates Thompson's original work on C by at least a few years

Understatement of the eon

View full discussion on Hacker News

ID: 45701884Type: storyLast synced: 11/20/2025, 12:26:32 PM

Want the full context?

Jump to the original sources

Read the primary article or dive into the live Hacker News thread when you're ready.

Open link View on HN