A backdoor in xz
A backdoor in xz
Posted Mar 31, 2024 17:06 UTC (Sun) by nix (subscriber, #2304)In reply to: A backdoor in xz by Cyberax
Parent article: A backdoor in xz
What next? Shall we make changes to allow for Windows's per-libc malloc(), or for Linux's not-at-all-planned upcoming transition to Mach-O?
Posted Mar 31, 2024 18:54 UTC (Sun)
by Cyberax (✭ supporter ✭, #52523)
[Link] (2 responses)
This is subject to change: https://lwn.net/Articles/958438/
> particularly when those changes *reduce* security
They don't. libsystemd will _still_ depend on xz, it just will be hidden from cursory analysis.
> What next? Shall we make changes to allow for Windows's per-libc malloc(),
That's actually a pretty good idea, that will make several classes of vulnerabilities more difficult to exploit.
> or for Linux's not-at-all-planned upcoming transition to Mach-O?
I'd take PE: https://blog.hiler.eu/win32-the-only-stable-abi/
Posted Mar 31, 2024 19:36 UTC (Sun)
by nix (subscriber, #2304)
[Link] (1 responses)
I honestly wonder if you're even reading this thread. This attack depended on liblzma being loaded into sshd's memory because it was loaded by virtue of DT_NEEDED: after this commit, it would not be loaded at all, because libsystemd would only have loaded it if compressed journal reading was attempted, which sshd never attempts.
So it *would* in fact solve the problem.
But I'm tired of arguing with a brick wall with prejudged opinions, I think. Good night.
Posted Mar 31, 2024 20:16 UTC (Sun)
by Cyberax (✭ supporter ✭, #52523)
[Link]
Reread your words. THIS attack. As in, this _particular_ one. Sure, having the library dlopen()-ed prevents it. I can think of several ways I can backdoor liblzma to work around it.
Making the system usable with mimmutable/mseal would prevent whole categories of exploits. And promoting the dlopen() craze will make this kind of mitigation impossible.
And yeah, I absolutely hate the braindead design of nsswitch, PAM, and now libsystemd.
A backdoor in xz
A backdoor in xz
A backdoor in xz