oss-sec mailing list archives
Re: backdoor in upstream xz/liblzma leading to ssh server compromise
From: "Alexander E. Patrakov" <patrakov () gmail com>
Date: Sat, 30 Mar 2024 02:59:14 +0800
On Sat, Mar 30, 2024 at 12:09 AM Andres Freund <andres () anarazel de> wrote:
== Affected Systems == The attached de-obfuscated script is invoked first after configure, where it decides whether to modify the build process to inject the code. These conditions include...
<snip>
Running as part of a debian or RPM package build:
if test -f "$srcdir/debian/rules" || test "x$RPM_ARCH" = "xx86_64";then
Could you please confirm that the Arch Linux binary package was never actually compromised?
openssh does not directly use liblzma. However debian and several other distributions patch openssh to support systemd notification, and libsystemd does depend on lzma.
<snip>
Observed requirements for the exploit: b) argv[0] needs to be /usr/sbin/sshd
I have checked, and found that Arch Linux does not apply any patches when building OpenSSH. P.S. in the detect.sh script, the "set -eu" line plays a bad trick: it aborts the check if sshd is not actually linked to liblzma. -- Alexander E. Patrakov
Current thread:
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise, (continued)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Anthony Liguori (Mar 29)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Andres Freund (Mar 29)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Alex Gaynor (Mar 29)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Jeffrey Walton (Mar 29)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Ivan Delalande (Mar 29)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Vegard Nossum (Mar 29)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Vegard Nossum (Mar 30)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Tavis Ormandy (Mar 30)
- Re: Re: backdoor in upstream xz/liblzma leading to ssh server compromise Loganaden Velvindron (Mar 30)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Solar Designer (Mar 31)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Vegard Nossum (Mar 29)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Alexander E. Patrakov (Mar 29)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Alexander E. Patrakov (Mar 29)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Rein Fernhout (Levitating) (Mar 29)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise terraminator (Mar 29)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Alexander E. Patrakov (Mar 29)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Rein Fernhout (Levitating) (Mar 29)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Matthias Weckbecker (Mar 29)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Andres Freund (Mar 29)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Loganaden Velvindron (Mar 29)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Solar Designer (Mar 29)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Demi Marie Obenour (Mar 29)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Solar Designer (Mar 29)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Andres Freund (Mar 29)