How the XZ backdoor works

Posted Apr 3, 2024 20:08 UTC (Wed) by feliperalmeida (guest, #170644)
Parent article: How the XZ backdoor works

Great article!

> The backdoor also includes code that patches the binary of sshd itself to disable seccomp() and prevent the program from creating a chroot sandbox for its children.

I don't think that's accurate though. If that is referring to "https://gist.github.com/smx-smx/a6112d54777845d389bd7126d..." - the binary patch was done by the gist authors to be able to trace the `sshd` process using Frida and not by the backdoor. They probably binary-patched it to avoid recompiling.


How the XZ backdoor works

Posted Apr 3, 2024 21:17 UTC (Wed) by daroc (editor, #160859) [Link]

That is indeed the source I got that from. Upon re-reading, I realize you are correct and I misunderstood.

Thank you for pointing out my mistake; I've edited the article with a correction.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds