oss-sec mailing list archives
Re: backdoor in upstream xz/liblzma leading to ssh server compromise
From: Matt Johnston <matt () ucc asn au>
Date: Thu, 18 Apr 2024 08:11:24 +0800
On 2024-04-17 10:25 am, Jacob Bachmeyer wrote:
see that particular slowdown? (Not the backdoor initialization making sshd take longer to start up---a running sshd taking longer to reject a session for a nonexistent account, unless Andres Freund forgot to tell us that he was running sshd from inetd and thereby including sshd startup latency in his measurements.)
Recent OpenSSH always re-execs for each incoming connection (for fresh ASLR) so it's always similar to inetd startup.
Cheers, Matt
Current thread:
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Jakub Wilk (Apr 01)
- <Possible follow-ups>
- Re: Re: backdoor in upstream xz/liblzma leading to ssh server compromise Jakub Wilk (Apr 12)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Solar Designer (Apr 16)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Jacob Bachmeyer (Apr 17)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Loganaden Velvindron (Apr 17)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Matt Johnston (Apr 17)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Jacob Bachmeyer (Apr 19)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Jacob Bachmeyer (Apr 17)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Jakub Wilk (Apr 17)