oss-sec mailing list archives
Re: backdoor in upstream xz/liblzma leading to ssh server compromise
From: "Rein Fernhout (Levitating)" <me () levitati ng>
Date: Fri, 29 Mar 2024 21:17:29 +0100
P.S. in the detect.sh script, the "set -eu" line plays a bad trick: it aborts the check if sshd is not actually linked to liblzma.
Or if sshd is not in PATH. (/usr/sbin/) On 2024-03-29 19:59, Alexander E. Patrakov wrote:
On Sat, Mar 30, 2024 at 12:09 AM Andres Freund <andres () anarazel de> wrote:== Affected Systems ==The attached de-obfuscated script is invoked first after configure, where itdecides whether to modify the build process to inject the code. These conditions include...<snip>Running as part of a debian or RPM package build:if test -f "$srcdir/debian/rules" || test "x$RPM_ARCH" = "xx86_64";thenCould you please confirm that the Arch Linux binary package was never actually compromised?openssh does not directly use liblzma. However debian and several other distributions patch openssh to support systemd notification, and libsystemddoes depend on lzma.<snip>Observed requirements for the exploit: b) argv[0] needs to be /usr/sbin/sshdI have checked, and found that Arch Linux does not apply any patches when building OpenSSH. P.S. in the detect.sh script, the "set -eu" line plays a bad trick: it aborts the check if sshd is not actually linked to liblzma.
Current thread:
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise, (continued)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Ivan Delalande (Mar 29)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Vegard Nossum (Mar 29)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Vegard Nossum (Mar 30)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Tavis Ormandy (Mar 30)
- Re: Re: backdoor in upstream xz/liblzma leading to ssh server compromise Loganaden Velvindron (Mar 30)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Solar Designer (Mar 31)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Vegard Nossum (Mar 29)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Alexander E. Patrakov (Mar 29)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Alexander E. Patrakov (Mar 29)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Rein Fernhout (Levitating) (Mar 29)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise terraminator (Mar 29)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Alexander E. Patrakov (Mar 29)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Rein Fernhout (Levitating) (Mar 29)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Ivan Delalande (Mar 29)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Matthias Weckbecker (Mar 29)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Andres Freund (Mar 29)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Loganaden Velvindron (Mar 29)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Solar Designer (Mar 29)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Demi Marie Obenour (Mar 29)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Solar Designer (Mar 29)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Solar Designer (Mar 31)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Michael Tokarev (Mar 31)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Andres Freund (Mar 29)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Rein Fernhout (Levitating) (Mar 29)
- Re: backdoor in upstream xz/liblzma leading to ssh server compromise Andres Freund (Mar 29)