An evil compiler that adds undetectable backdoors into programs it compiles. See my blog post for more details
Clone this repo and do the following:
- First verify for yourself that this simple Login.cpp program only accepts the password "test123"
- Use the evil compiler to compile the Login program with
./Compiler Login.cpp -o Login
- Run the login program with
./Login
and then enter the password "backdoor". You should be successfully logged in.
A cautious user may decide to read and recompile the evil compiler’s source code before using it. Try the following and see for yourself that the “backdoor” password still works.
- Verify that Compiler.cpp is clean (don't worry it's just a 10-line wrapper over g++)
- Recompile the compiler from source using
./Compiler Compiler.cpp -o cleanCompiler
- Use the clean compiler to compile the Login program with
./cleanCompiler Login.cpp -o Login
- Run the login program with
./Login
and verify the "backdoor" password still works.