oss-sec mailing list archives

Re: xz backdoor prevention using hosts.deny?


From: Christoph Anton Mitterer <calestyo () scientia org>
Date: Wed, 10 Apr 2024 01:47:33 +0200

On Tue, 2024-04-09 at 16:36 -0700, Andres Freund wrote:
> See https://www.openwall.com/lists/oss-security/2024/03/30/37 for the path
> leading to certification validation before certificate validity, users, etc
> are checked.

And I assume "etc" includes access control via hosts.deny?


  So in other words, people who had a backdoored sshd running, that
  was only protected via hosts.deny may have actually been compromised?

  Unless[0] of course, access was blocked by netfilter, some
  other firewall, router, etc. ... or sshd wasn't even running.

Right?


Cheers,
Chris


[0] And this assumes that no home calling (like automatic command/code
    pulling from the adversary, or submission of e.g. found private
    keys) and no further attack vectors (other than via sshd) or
    infestations (like creating new users or authorized_keys entries)
    are to be found...
    ... which AFAIU is not yet definitely ruled out?

