oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Re: backdoor in upstream xz/liblzma leading to ssh server compromise

From: Fay Stegerman <flx () obfusk net>
Date: Sat, 30 Mar 2024 21:50:19 +0100
* "Rein Fernhout (Levitating)" <me () levitati ng> [2024-03-30 18:07]:
[...]

You can just use 'sed r\n filename' and it should work. I think it just reads the file and appends a newline.


I don't know if this is relevant, but 'sed r\n filename' does not *in general*
"append a newline".  It appends the file named after the 'r' (in this case a
file named 'n' -- assuming the backslash is interpreted by the shell and thus
doesn't really do anything) after each line of the file 'filename'; unless the
file 'n' doesn't exist, in which case it's equivalent to 'cat', except that it
will indeed happen to append a newline *but only if the original file doesn't
end with one*.

Thus it will behave quite differently depending on whether a file named 'n'
exists or not.

$ printf 'foo\nbar\n' > n
$ printf '1\n2\n3' > somefile
$ sed r\n somefile
1
foo
bar
2
foo
bar
3
foo
bar
$ sed rdoes-not-exist somefile
1
2
3
$ printf '\x00\n\x00' > somefile
$ xxd somefile
00000000: 000a 00
$ sed rdoes-not-exist somefile | xxd
00000000: 000a 000a
$ printf '\x00\n\x00\n' > somefile
$ sed rdoes-not-exist somefile | xxd
00000000: 000a 000a

- Fay
Previous By Date Next
Previous By Thread Next

Current thread: