federicomena, 1 month ago Is there a description of when the xz backdoor would execute / what it would do? I understand it is something in openssh / libsystemd but I'd like to know what triggers it.
Is there a description of when the xz backdoor would execute / what it would do? I understand it is something in openssh / libsystemd but I'd like to know what triggers it.
Migueldeicaza, 1 month ago @federicomena short version:during decompression, if a secret key is validated to be there, it calls system with the script hidden inside the payload.
@federicomena short version:during decompression, if a secret key is validated to be there, it calls system with the script hidden inside the payload.
penguin42, 1 month ago @federicomena https://bsky.app/profile/filippo.abyssdomain.expert/post/3kowjkx2njy2b seems to be the one being quoted; I think it's explicitly only sshd being hooked, and it's spotting certain keys and executing a system() command based on a field in the key if I understand correctly.
@federicomena https://bsky.app/profile/filippo.abyssdomain.expert/post/3kowjkx2njy2b seems to be the one being quoted; I think it's explicitly only sshd being hooked, and it's spotting certain keys and executing a system() command based on a field in the key if I understand correctly.
Add comment