Subject : Re: Malware find in the news: xz related.
From : mh+usenetspam1118 (at) *nospam* zugschl.us (Marc Haber)
Newsgroups : comp.os.linux.misc
Date : 31. Mar 2024, 21:12:24
Other headers
Organization : private site, see http://www.zugschlus.de/ for details
Message-ID : <uucg38$306ja$1@news1.tnib.de>
References : 1 2 3 4 5
User-Agent : Forte Agent 6.00/32.1186
Grant Taylor <gtaylor@tnetconsulting.net> wrote:
> On 3/31/24 11:13, David W. Hodgins wrote:
>> sshd supports compression. xz is an option for how things are compressed.
>
> I've read multiple reports that OpenSSH upstream does not support xz
> compression.
>
> Yes, OpenSSH does support multiple forms of compression, but xz is not
> one of the forms supported by upstream OpenSSH proper.
>
> xz support was brought in by things downstream.

As far as I have understood this _very_ sophisticated method, ssh is
patched by various distributions with a patch endorsed by the portable
openssh project to support sd_notify. This pulls in libsystemd, which
in turn pulls in the trojaned liblzma, which in turn hooks an RSA
function which is then used by the sshd to authenticate a user who tries
to log in.

For this to work, sshd does not need to use xz.

Greetings
Marc

-- 
----------------------------------------------------------------------------
Marc Haber         |   " Questions are the         | Mail address in header
Rhein-Neckar, DE   |     Beginning of Wisdom "     |
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 6224 1600402
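
The load chain described in the post above (sshd, then libsystemd, then liblzma), as an added example that is not part of the original post: it walks the `NEEDED` entries that `readelf -d` prints and reports how liblzma becomes reachable from sshd. The `readelf` excerpts, the library version suffixes and the names `load_chain`, `DISTRO_PATCHED` and `UNPATCHED` are constructed for illustration.

```python
import re
from collections import deque

# One NEEDED line as printed by `readelf -d <file>`.
NEEDED_RE = re.compile(r"\(NEEDED\)\s+Shared library: \[([^\]]+)\]")
ROW = " 0x0000000000000001 (NEEDED)             Shared library: [%s]\n"

# Constructed `readelf -d` excerpts keyed by file name (not captured from a real host).
DISTRO_PATCHED = {
    "sshd": ROW % "libcrypto.so.3" + ROW % "libsystemd.so.0" + ROW % "libc.so.6",
    "libsystemd.so.0": ROW % "liblzma.so.5" + ROW % "libc.so.6",
    "libcrypto.so.3": ROW % "libc.so.6",
    "liblzma.so.5": ROW % "libc.so.6",
    "libc.so.6": "",
}
# Same libraries, but sshd built without the sd_notify patch (also constructed).
UNPATCHED = dict(DISTRO_PATCHED, sshd=ROW % "libcrypto.so.3" + ROW % "libc.so.6")


def needed(readelf_text):
    """Return the library names from the NEEDED rows of one `readelf -d` dump."""
    return NEEDED_RE.findall(readelf_text)


def load_chain(dumps, root, target_prefix):
    """Breadth-first walk over NEEDED edges starting at `root`.

    Returns the shortest chain ending in a library whose name starts with
    `target_prefix`, or None. Libraries opened at run time with dlopen() have
    no NEEDED entry and are therefore not seen by this walk.
    """
    queue = deque([[root]])
    seen = {root}
    while queue:
        path = queue.popleft()
        for lib in needed(dumps.get(path[-1], "")):
            if lib.startswith(target_prefix):
                return path + [lib]
            if lib not in seen:
                seen.add(lib)
                queue.append(path + [lib])
    return None


if __name__ == "__main__":
    for label, dumps in (("patched", DISTRO_PATCHED), ("unpatched", UNPATCHED)):
        chain = load_chain(dumps, "sshd", "liblzma")
        print(label, "->", " -> ".join(chain) if chain else "liblzma not reachable")
```

On a real host the dictionary would be filled from `readelf -d` run against sshd and each library it names.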