A backdoor in xz

Posted Mar 30, 2024 18:20 UTC (Sat) by kreijack (guest, #43513)
In reply to: A backdoor in xz by daroc
Parent article: A backdoor in xz

> # find path to liblzma used by sshd
> path="$(ldd $(which sshd) | grep liblzma | grep -o '/[^ ]*')"

> # does it even exist?
> if [ "$path" == "" ]
> then
> echo probably not vulnerable
> exit
> fi
[...]

$(which sshd) returns "" IF not run as root...

In this case the message should be "Cannot find 'sshd'" and not be a "probably not vulnerable"