It turns out that although the paper [Ken Thompson's "Reflections on
Trusting Trust"] does not make it completely clear, it is not a
theoretical speculation. They actually did modify the original Unix C
compiler to put in a backdoor superuser account that was compiled into
every login program in such a manner that the system administrator
could not detect it and even that inspection of the compiler code
wouldn't easily disclose it.
They apparently were being called upon frequently in the early days of
Unix to fix other people's systems. The superuser account was a
convenience to them in getting into the systems to do the fixes....
Jon [Hall] also pointed out that the BIOS source code needs to be
inspectable, because deliberate vulnerabilities can be implanted
there.
-- Stan Klein, A perspective on "Reflections on Trusting
Trust", 22 Oct 2003 posting to mailing list stds-1583@ieee.org,
relevant to electronic voting