Re: Gentoo and the XZ Backdoor

Liste des GroupesRevenir à ol advocacy 
Sujet : Re: Gentoo and the XZ Backdoor
De : ff (at) *nospam* linux.rocks (Farley Flud)
Groupes : comp.os.linux.advocacy
Date : 13. Apr 2024, 12:18:42
Autres entêtes
Organisation : UsenetExpress - www.usenetexpress.com
Message-ID : <17c5cfa0d71a6173$13233$197378$802601b3@news.usenetexpress.com>
References : 1 2
On 12 Apr 2024 20:25:31 GMT, Stéphane CARPENTIER wrote:

 
Don't forgot the answers I gave you. I
already provided you links showing you can be affected even without
systemd.
 

Not true.

The backdoor becomes activated only during the execution in
which sshd, libsystemd, and liblzma are linked.  In particular,
the argv[0] is checked to see if it is "/usr/bin/sshd."  If it
is not then the backdoor does not activate.

Furthermore, sshd has to invoked and I never use sshd.  Therefore,
I could be using 5.6.1 to compress/decompress and the backdoor
would just be dormant.


>
https://bugs.gentoo.org/925415
>
 
You should have read down a little bit further. When I read this message
I didn't understood how it was related with the back door. And at the
bottom, it's written: it's not related.
>

Yes it is related.

The backdoor was first released with xz-utils 5.6.0, and this version
was causing segfaults due to code instrumentation when a profile build
was specified.  "Jia Tan" actually fixes this bug, and another involving
valgrind issues, and then releases 5.6.1 with an "improved" backdoor.

It is related because the code changes accompanying the incorporation
of the backdoor were causing problems.


Date Sujet#  Auteur
12 Apr 24 * Re: Gentoo and the XZ Backdoor2Stéphane CARPENTIER
13 Apr 24 `- Re: Gentoo and the XZ Backdoor1Farley Flud

Haut de la page

Les messages affichés proviennent d'usenet.

NewsPortal