Forum Index : Microcontroller and PC projects : Linux back door

Author Message
PhenixRising
Guru

Joined: 07/11/2023
Location: United Kingdom
Posts: 857
Posted: 05:37pm 09 Apr 2024

Discovered?
 
stanleyella

Guru

Joined: 25/06/2022
Location: United Kingdom
Posts: 2127
Posted: 06:53pm 09 Apr 2024

this site hacked?! paranormal
 
Bleep
Guru

Joined: 09/01/2022
Location: United Kingdom
Posts: 509
Posted: 07:06pm 09 Apr 2024

For the uninitiated, a major compromise has been discovered in liblzma, where an apparent backdoor has been inserted that breaks ssh-rsa authentication in sshd. The backdoor is intentionally convoluted, but the upshot is that if SSHD loads liblzma as a dynamic library, its own RSA authentication functions get patched for Bad Ones.

This is a "software supply chain" attack that was very close to going undiscovered, and making it into major operating system components. The cleanup is ongoing - this is one of the areas in which the OSS claim "many eyes make bugs (exploits) shallow" gets wound up to 11 and given nitrous injection.

Unless you use bleeding edge Linux, probably compiling your own, there doesn't seem to be anything to worry about.

Further reading (from links not on random pseudosocial media threads):

The original report.

A breakdown.

Time line.

More details.
Edited 2024-04-10 05:18 by Bleep
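
The precondition described in the post above (sshd loading liblzma as a dynamic library) can be checked on a host. This is an added example, not part of the original post or of any project's code; the function names and the sample input are constructed for illustration. It reports only whether liblzma is loaded, not whether the installed library is a compromised build.

```shell
#!/bin/sh
# Added example: does a binary's resolved shared-library list include liblzma?
# All function names here are hypothetical helpers, not part of any tool.

# Read `ldd`-style lines on stdin; print the resolved path of liblzma.
# Returns 0 when liblzma is present, 1 when it is not.
liblzma_from_ldd() {
    awk '
        # ldd line shape: "<soname> => <path> (<load address>)"
        $1 ~ /^liblzma\.so(\.|$)/ && $2 == "=>" { print $3; found = 1 }
        END { exit (found ? 0 : 1) }
    '
}

# Read /proc/<pid>/maps lines on stdin; print each mapped liblzma file once.
# Useful for a running sshd, where the mapping shows what was actually loaded.
liblzma_from_maps() {
    awk '
        # maps line shape: "<range> <perms> <offset> <dev> <inode> <path>"
        $6 ~ /\/liblzma\.so(\.|$)/ && !seen[$6]++ { print $6; found = 1 }
        END { exit (found ? 0 : 1) }
    '
}

# Check a binary on this host (defaults to the sshd found in PATH).
# Run ldd only on binaries you already trust: it may execute their loader.
check_binary() {
    bin=${1:-$(command -v sshd)} || return 2
    [ -x "$bin" ] || return 2
    ldd "$bin" 2>/dev/null | liblzma_from_ldd
}

# Constructed sample of `ldd` output (not captured from a real host).
sample_ldd() {
    cat <<'EOF'
	linux-vdso.so.1 (0x00007ffc0a5f2000)
	libcrypto.so.3 => /lib/x86_64-linux-gnu/libcrypto.so.3 (0x00007f1a2c000000)
	liblzma.so.5 => /lib/x86_64-linux-gnu/liblzma.so.5 (0x00007f1a2bfc0000)
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f1a2bc00000)
EOF
}

# Demo on the constructed sample; on a real host call: check_binary
sample_ldd | liblzma_from_ldd
```
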
 
JohnS
Guru

Joined: 18/11/2011
Location: United Kingdom
Posts: 3801
Posted: 07:48pm 09 Apr 2024

Fortunately found in good time.

Of course, there's always the more tricky kind of thing in Ken Thompson's Turing Award lecture "Reflections on Trusting Trust"

John
 
SimpleSafeName

Guru

Joined: 28/07/2019
Location: United States
Posts: 319
Posted: 12:44am 10 Apr 2024

  Bleep said  Unless you use bleeding edge Linux, probably compiling your own, there doesn't seem to be anything to worry about.


Excellent synopsis, basically the Linux community dodged a bullet before any real harm was done.

I agree that no "normal" user is going to pull from the nightlies in general, and particularly for this library.

Had it gotten into the mainstream build that would have been a different story.


The detection of it reminds me of Cliff Stoll looking for a $0.75 discrepancy in the "billing" of the time share accounts on the mainframe. Told in the book "The Cuckoo's Egg".
 
Gizmo

Admin Group

Joined: 05/06/2004
Location: Australia
Posts: 5078
Posted: 12:56am 11 Apr 2024

Put enough patience and brains into any online system, and a vulnerability will be found.

I'll be more concerned about the Apple bug, it's in the CPUs and can't easily be fixed. https://www.youtube.com/watch?v=-D1gf3omRnw
The best time to plant a tree was twenty years ago, the second best time is right now.
JAQ
 
© JAQ Software 2024