A backdoor in xz
A backdoor in xz
Posted Mar 29, 2024 18:27 UTC (Fri) by andresfreund (subscriber, #69562)In reply to: A backdoor in xz by bluca
Parent article: A backdoor in xz
I didn't even notice it during logging in with ssh or such. I was doing some micro-benchmarking at the time and was looking to quiesce the system to reduce noise. Saw sshd processes were using a surprising amount of CPU, despite immediately failing because of wrong usernames etc. Profiled sshd. Which showed lots of cpu time in code with perf unable to attribute it to a symbol, with the dso showing as liblzma. Got suspicious. Then recalled that I had seen an odd valgrind complaint in my automated testing of postgres, a few weeks earlier, after some package updates were installed. Really required a lot of coincidences.
Posted Mar 29, 2024 18:37 UTC (Fri)
by bluca (subscriber, #118303)
[Link]
Posted Mar 29, 2024 18:50 UTC (Fri)
by Cyberax (✭ supporter ✭, #52523)
[Link]
I donated $1000 to Debian for your work. Let's all do something nice for Debian, please?
Posted Mar 29, 2024 23:34 UTC (Fri)
by job (guest, #670)
[Link]
Your curiosity saved us from something so much worse. I wish I could thank you better, eternal gratitude must suffice for now.
Posted Mar 29, 2024 23:43 UTC (Fri)
by mcatanzaro (subscriber, #93033)
[Link]
Posted Mar 30, 2024 2:19 UTC (Sat)
by helsleym (guest, #92730)
[Link]
Posted Mar 31, 2024 3:58 UTC (Sun)
by cozzyd (guest, #110972)
[Link]
Posted Mar 31, 2024 10:22 UTC (Sun)
by xgongiveittoya (guest, #165847)
[Link]
Posted Apr 11, 2024 17:35 UTC (Thu)
by martijn (guest, #125289)
[Link]
A backdoor in xz
A backdoor in xz
A backdoor in xz
A backdoor in xz
A backdoor in xz
A backdoor in xz
A backdoor in xz
A backdoor in xz