[mdlug] info about the xz backdoor
LAP
mail1 at lapiet.info
Sun Mar 31 14:31:33 EDT 2024
On Sun, 31 Mar 2024 13:49:46 -0400
Jonathan Billings <billings at negate.org> wrote:
>
> While it was the inclusion of systemd’s notification into OpenSSH
> (which improves service automation) that brought in the library, I
> suspect blaming systemd is probably beside the point, the author of
> the backdoor would have just attacked a different subsystem.
>
My use of GNU/Linux is just to run applications on a desktop
workstation. I have little interest, if any at all, in the
networking aspects (aside from an Internet connection).
Thus, all these security concerns simply do not apply to my
situation, which I imagine is very common among GNU/Linux
users.
The kernel source code is distributed as xz-compresed tarballs
and I recently used xz-utils 2.6.2 to decompress and build the
latest kernel (6.8.2). There was no problem as this falls outside
of the scope of the backdoor.
So, in my estimation, this backdoor is only a problem when a
machine routinely accepts connections via sshd. For a desktop
workstation user this backdoor should be of no concern.
More information about the mdlug
mailing list