In Ken Thompson’s 1984 Turing Award Lecture, “Reflections on Trusting Trust” [mirror], he describes a method for inserting a backdoor into a compiler binary, and programs it compiles, without it remaining in the source. He also discusses quines, compiler bootstrapping, and the layers of trust in software. It’s an easy, 3-page paper, well worth a read.
Ken has confirmed that he actually carried out [HN] this attack internally. It was discovered [HN], when someone in the PWB department noticed that the compiler binary grew one byte every time it compiled itself, so they debugged and recompiled it from assembly, inadvertently breaking the chain. The bug was that a string constant from the backdoor was mishandled and grew by a single NUL byte each time, making it not reproducible. Russ Cox asked Ken for a copy of the backdoor source code and describes [HN in detail how it works with a Research Unix Sixth Edition emulator he wrote in Go to try it.
David A. Wheeler introduces a method to counter this attack in “Countering Trusting Trust through Diverse Double-Compiling” (2005). With a compiler binary, the source for that compiler, and an alternate compiler, compiling the source of the first compiler with both yields two functionally equivalent stage-1 compilers. Compiling the compiler source again with both stage-1 compilers yields two binary-equivalent stage-2 compilers.