From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-pj1-x1031.google.com (mail-pj1-x1031.google.com [IPv6:2607:f8b0:4864:20::1031]) by sourceware.org (Postfix) with ESMTPS id D2A02386F039 for ; Tue, 2 Apr 2024 20:29:06 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org D2A02386F039 Authentication-Results: sourceware.org; dmarc=fail (p=none dis=none) header.from=golang.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=google.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org D2A02386F039 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::1031 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1712089748; cv=none; b=Rd1t7iDYCLl40n6ljgXZrFL02qaprB1EZqQdoqUHBQqx/eMJc5OhcCr8Gu55HeKzU1hH5XE3KfTaFVGObnshzhp/c1lr7oUJC/bWjpLRm1CRMY5FFS+dKPsvEcw9oAK2y3xuR9Nlax4FR68VzcezF32MlfpB77cCOGuBHSesutQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1712089748; c=relaxed/simple; bh=dwbIVAjBX+XWvcTXxPV2YGmFSY2MrNkWVF9JhsbkK0s=; h=DKIM-Signature:MIME-Version:From:Date:Message-ID:Subject:To; b=SJuiq22ka6CfcFnu3KNyOkzTfcjk7CU8UGEkGbdRvs355DifCh/0iP2J8WNTPp+6/95jIufFer/RNMqK56l/jge2P2Kb28vC4jPelzBl1u4M2aqQl1GXJSidP7zBN32lmEve/81zp+d99eGXYhJ+3W7a6S+SJP2KWVqFgqHD4jE= ARC-Authentication-Results: i=1; server2.sourceware.org Received: by mail-pj1-x1031.google.com with SMTP id 98e67ed59e1d1-29ddfada0d0so4198843a91.3 for ; Tue, 02 Apr 2024 13:29:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google-com.20230601.gappssmtp.com; s=20230601; t=1712089746; x=1712694546; darn=sourceware.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=C3DmygAlIr1uzpTWd2lQ0VHhyrYChu/v26Wl62us4Zw=; b=R56kk+Po2Ok2hPtpW1C1P4PR5z46XblMgM+xiqDEtCM/TAldfjxWvlA3KcVFkk/zRe aH13QFgveTArx8XZYveXieyfodquRXJkAeln9+HCJXii5rDBqz74El4vXlqwp0mJzmkI GK21hcinjOBa7lK/Y88WNZZbfvmrCmNnNs6h2b/iGyRDmQSgQgmAvwpWqVSAoXnKsHpQ VVoBemMOkAem2wwAtaJJVBCue64rPeUx4VFnqlB3/L2rDJ/dfwxr4SODFNYayCf0C9ZO MonGd7Epm/kPekbmxEaUDmHbixRJzBs8p0e/Cu/WWHiD4jxNwOjIvHQ+Eb1fWlkMUFZI yAXw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712089746; x=1712694546; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=C3DmygAlIr1uzpTWd2lQ0VHhyrYChu/v26Wl62us4Zw=; b=gWmH+fJx9J9tS9G9DgKwmv31SuOkMW/2HI+msoShrV6lyj0R4P/qJVY3k3DHY6ZKXp S1eKfhs8dNnb9IiRyXYKnqloD9QUwdnUXRg4VHwxY9MgRs+8QoqR/jZ0fGaUV48KaS9c 47QRNBcectGIz9y5rys6bnMq61+Z0A7DDJ+GtmNWCqqdiufMYuvtN7vFNBEY6+W6ORjZ 5wO0qktIYceleIuMIuDzjhQ7B+l7DyzbTYOQbDm8Cru6spUYerxCCuA7XbS0VknJtfx6 veQDMgbE6bTsQ+k5CqbLrqz8yaeUiS6lxjlLt7LIVX08Lz26Sfsd7iBqW1Rx/X78V5Gr cL8w== X-Forwarded-Encrypted: i=1; AJvYcCVnNcgQJH+UOkPfoiJmult2/IOEIwYWwpy9lupd9j9Yuj2LzR+IslAbBQqbCOJnvipikZOLqoL0ZvAWI2oZIlLecBYY4QgCTg== X-Gm-Message-State: AOJu0YwQKzt8Nx26LXZ7mHzvFL/gMGgvVKerCt8n75JYrWEKv9lRRJZs GWS/WfMsiOwqHU1J7ktygyQGYQLxeX7qySBeO33oR3xiaCvhHBi35QLOpvco47EsJFtJSBi4r8W JDbTECTn8pT6hFjlETxW2LezrjgJKLXJGLtVG X-Google-Smtp-Source: AGHT+IGdgaGYIUwsihtpQHgOLsdvRjWlOSjKHTjaWKtrCMs02CCI5aZ8/GpAboVDa4tK++MU0RiBEsu+Gm0hns/hVMg= X-Received: by 2002:a17:90a:bc95:b0:2a2:13ec:fc6 with SMTP id x21-20020a17090abc9500b002a213ec0fc6mr10827294pjr.10.1712089745551; Tue, 02 Apr 2024 13:29:05 -0700 (PDT) MIME-Version: 1.0 References: <20240329203909.GS9427@gnu.wildebeest.org> <20240401150617.GF19478@gnu.wildebeest.org> <12215cd2-16db-4ee4-bd98-6a4bcf318592@cs.ucla.edu> In-Reply-To: From: Ian Lance Taylor Date: Tue, 2 Apr 2024 13:28:49 -0700 Message-ID: Subject: Re: Sourceware mitigating and preventing the next xz-backdoor To: Paul Koning Cc: Paul Eggert , Sandra Loosemore , Mark Wielaard , overseers@sourceware.org, gcc@gcc.gnu.org, binutils@sourceware.org, gdb@sourceware.org, libc-alpha@sourceware.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-9.4 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,TXREP,USER_IN_DEF_SPF_WL autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: On Tue, Apr 2, 2024 at 1:21=E2=80=AFPM Paul Koning via Gcc wrote: > > Would it help to require (rather than just recommend) "don't use root exc= ept for the actual 'install' step" ? Seems reasonable, but note that it wouldn't make any difference to this attack. The liblzma library was modified to corrupt the sshd binary, when sshd was linked against liblzma. The actual attack occurred via a connection to a corrupt sshd. If sshd was running as root, as is normal, the attacker had root access to the machine. None of the attacking steps had anything to do with having root access while building or installing the program. Ian