|
|
Subscribe / Log in / New account

A backdoor in xz

A backdoor in xz

Posted Mar 31, 2024 1:14 UTC (Sun) by Cyberax (✭ supporter ✭, #52523)
In reply to: A backdoor in xz by mchehab
Parent article: A backdoor in xz

> - jobs are started in sequence. Things like Network were started before network daemons like sshd, apache, etc;

What about wireless or VPNs?

> Also, the "hey, I'm running" task is really simple: if a process has problems, it shall die.

A Java server that I have for telephony takes 2 minutes to start up. How would you detect that?

There's also a problem with double-forking. The only process that can detect the death of a double-forked server is PID 1, and in classic SysV all it did was to reap the PID. Ditto for inittab - it can't detect the death of double-forked processes.

to post comments

A backdoor in xz

Posted Mar 31, 2024 1:38 UTC (Sun) by DimeCadmium (subscriber, #157243) [Link] (2 responses)

> What about wireless or VPNs?

What about it? Both work fine for me, I have 3 VPNs and occasionally wireless (tethering via my phone).

> A Java server that I have for telephony takes 2 minutes to start up. How would you detect that?

Well, for one thing, I wouldn't use Java, and I wouldn't use a server that takes 2 minutes to start up. Other than that, there are plenty of solutions for this that you could easily implement in sysvinit (you can run whatever you want whenever you want, after all, it's just a shell script); OpenRC actually handles it natively (and has since before systemd existed).

> The only process that can detect the death of a double-forked server is PID 1

That's not true (PR_SET_CHILD_SUBREAPER).

> in classic SysV all it did was to reap the PID

How is that an argument for systemd?

> Ditto for inittab - it can't detect the death of double-forked processes

Huh? inittab is a config file.

A backdoor in xz

Posted Mar 31, 2024 3:51 UTC (Sun) by Cyberax (✭ supporter ✭, #52523) [Link] (1 responses)

> What about it? Both work fine for me, I have 3 VPNs and occasionally wireless (tethering via my phone).

Now try to make sure that the daemon does not come up until at least one network interface is up. Or until the VPN connection is established.

> That's not true (PR_SET_CHILD_SUBREAPER).

That's true in classic SysV. The subreaper was introduced only in Linux 3.4

> Huh? inittab is a config file.

If you're talking about SysV "simplicity", then you should at least learn it. Classic inittab supports respawning processes on death (action=respawn).

A backdoor in xz

Posted Mar 31, 2024 6:18 UTC (Sun) by DimeCadmium (subscriber, #157243) [Link]

> Now try to make sure that the daemon does not come up until at least one network interface is up. Or until the VPN connection is established.

Done and done.

> That's true in classic SysV. The subreaper was introduced only in Linux 3.4

... okay?

> If you're talking about SysV "simplicity", then you should at least learn it. Classic inittab supports respawning processes on death (action=respawn).

I know it, thanks. That's not a separate program. That's part of init. Controlled by the configuration file, inittab. If you're going to act like you know something better than someone else, then you should at least learn it.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds