[mdlug] info about the xz backdoor
Ron / BCLUG
admin at bclug.ca
Sun Mar 31 13:53:36 EDT 2024
Dark Star wrote on 2024-03-31 07:11:
> Isn't this the the reason they switched to using systemd instead of initd.
What do you mean by "this"?
Regardless, the answer is "No".
It's best to think of systemd as a services lifecycle management system,
not merely an init system.
> Another shining example of "fix it until it's broke".
Again, "No".
It's worthwhile to ask, "why did the 2 largest Linux distros each
develop a services lifecycle management system?" (Canonical had Upstart,
RedHat had systemd.)
Surely there was a need for such a thing - no-one is paying expensive
developers to undertake such projects just for fun.
RedHat even included UpStart for a short while - as did SUSE (I think),
until consensus was reached that systemd was more capable.
> Maybe we should be thanking those experts over at IBM.
> First the Linux Blue Screen of Death, and now a backdoor.
sigh.
The "blue screen of death" is for kernel panics, at which point there is
literally nothing else the kernel can do to keep running the system.
Hence, the Linux BSOD, a mildly trollish name for when something gets
displayed when nothing else can happen.
Also, systemd was not the target of this exploit, the payload was
delivered via certificates provided to sshd at connection attempt.
> It sounds like the work of Microsoft.
Okaaaayyyyyy.
As Jonathan Billings pointed out:
> For what it’s worth, it was a Microsoft employee who discovered the
> initial backdoor, and shared it with investigators.
More information about the mdlug
mailing list