oss-sec mailing list archives

Re: Re: backdoor in upstream xz/liblzma leading to ssh server compromise


From: Axel Beckert <abe () deuxchevaux org>
Date: Sat, 30 Mar 2024 22:46:17 +0100

Hi Andres,

On Sat, Mar 30, 2024 at 12:48:50PM -0700, Andres Freund wrote:
> FWIW, RSA_public_decrypt is reachable, regardless of server configuration,
> when using certificate based authentication.
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Wait, do you really mean SSH keys verified by certificates issued by a
(usually internal, SSH-specific) certificate authority (CA) for a key?

See e.g.
https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Certificate-based_Authentication
for what certificate-based authentication in SSH actually means.

From my experience certificate-based SSH authentication (i.e. those
algorithms with *-cert-* in their names) is rather rare, while simple
public key authentication (where you just put your according pubkey
into .ssh/authorized_keys) is very common.

Can you clarify if you really meant that solely certificate based
authentication (with certificates issued by a CA) triggers that code
path or if you actually meant all sorts of public key based
authentication in general?

                Kind regards, Axel
-- 
PGP: 2FF9CD59612616B5      /~\  Plain Text Ribbon Campaign, http://arc.pasp.de/
Mail: abe () deuxchevaux org  \ /  Say No to HTML in E-Mail and Usenet
Mail+Jabber: abe () noone org  X
https://axel.beckert.ch/   / \  I love long mails: https://email.is-not-s.ms/
