oss-sec mailing list archives
Re: backdoor in upstream xz/liblzma leading to ssh server compromise
From: Jacob Bachmeyer <jcb62281 () gmail com>
Date: Thu, 18 Apr 2024 21:17:28 -0500
Matt Johnston wrote:
On 2024-04-17 10:25 am, Jacob Bachmeyer wrote:see that particular slowdown? (Not the backdoor initialization making sshd take longer to start up---a running sshd taking longer to reject a session for a nonexistent account, unless Andres Freund forgot to tell us that he was running sshd from inetd and thereby including sshd startup latency in his measurements.)Recent OpenSSH always re-execs for each incoming connection (for fresh ASLR) so it's always similar to inetd startup.
Aha! That explains it. There may not be another backdoor after all: if sshd always reinitializes by exec, it would incur the full startup delay for each connection, and the backdoor may actually be inert if the client requests publickey auth.
Thank you for filling in the missing detail. -- Jacob
Current thread:
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Jakub Wilk (Apr 01)
- <Possible follow-ups>
- Re: Re: backdoor in upstream xz/liblzma leading to ssh server compromise Jakub Wilk (Apr 12)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Solar Designer (Apr 16)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Jacob Bachmeyer (Apr 17)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Loganaden Velvindron (Apr 17)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Matt Johnston (Apr 17)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Jacob Bachmeyer (Apr 19)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Jacob Bachmeyer (Apr 17)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Jakub Wilk (Apr 17)