oss-sec mailing list archives
Re: xz backdoor prevention using hosts.deny?
From: Stephen John Smoogen <smooge () gmail com>
Date: Wed, 3 Apr 2024 09:38:08 -0400
On Wed, 3 Apr 2024 at 09:07, Nick Sal <specialroumpa () proton me> wrote:
Hi,
Assume we filter SSH access only to a public domain subnet using the files
hosts.{deny,allow} as seen below.
Would this prevent an attack if a malicious payload was *not* sent from
the allowed subnet?
Trying to figure out if an attack like this was still possible, for the
few days in March the backdoor was active and undetected in rolling distros
(e.g. debian testing).
/etc/hosts.deny: sshd: ALL
/etc/hosts.allow: sshd: "a_subnet"
Does Debian still link hosts.allow/hosts.deny libwrapper with sshd? [or does sshd pull it in from another source?] I know some distributions no longer use this method to limit controls.
Moreover, allowing only public-key authentication for SSH does not help, isn't this right?
Most likely not because the code is looking for a specific publickey to unlock its payload.
Regards, Nick
-- Stephen J Smoogen. Let us be kind to one another, for most of us are fighting a hard battle. -- Ian MacClaren
Current thread:
- xz backdoor prevention using hosts.deny? Nick Sal (Apr 03)
- Re: xz backdoor prevention using hosts.deny? Stuart D Gathman (Apr 03)
- Re: xz backdoor prevention using hosts.deny? Stephen John Smoogen (Apr 03)
- Re: xz backdoor prevention using hosts.deny? Pierre-Elliott Bécue (Apr 03)
- Re: xz backdoor prevention using hosts.deny? Ángel (Apr 08)
- Re: xz backdoor prevention using hosts.deny? Jacob Bachmeyer (Apr 09)
- Re: xz backdoor prevention using hosts.deny? Andres Freund (Apr 09)
- Re: xz backdoor prevention using hosts.deny? Christoph Anton Mitterer (Apr 09)
- Re: xz backdoor prevention using hosts.deny? Jacob Bachmeyer (Apr 10)
- Re: xz backdoor prevention using hosts.deny? Jacob Bachmeyer (Apr 09)