From: Jonathan Wakely
Date: Wed, 3 Apr 2024 19:51:17 +0100
Subject: Re: Sourceware mitigating and preventing the next xz-backdoor
To: Toon Moene
Cc: Ian Lance Taylor, gcc@gcc.gnu.org
References: <20240329203909.GS9427@gnu.wildebeest.org> <20240401150617.GF19478@gnu.wildebeest.org>

On Wed, 3 Apr 2024 at 19:36, Toon Moene wrote:
>
> On 4/3/24 20:25, Ian Lance Taylor wrote:
>
> > Note that the attack really didn't have anything to do with
> > compressing data. The library used an IFUNC to change the PLT of a
> > different function, so it effectively took control of the code that
> > verified the cryptographic key. The only part of the attack that
> > involved compression was the fact that it happened to live in a
> > compression library. And it wouldn't matter whether the code that
> > verified the cryptographic key was run as root either; the effect of
> > the attack was to say that the key was OK, and that sshd should
> > execute the command, and of course that execution must be done on
> > behalf of the requesting user, which (as I understand it) could be
> > root.
>
> Ah, OK - that's what I missed.
>
> Does your explanation mean that - if, as I do in my sshd config file -
> you *forbid* root access via sshd in *any* way, you wouldn't be vulnerable ?

No, sshd is still running as root.
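
An added example, not part of the original thread and not code from any project discussed in it: a defender-side audit related to the IFUNC mechanism mentioned in the quoted text, listing the IFUNC symbols a shared library declares by parsing its ELF64 symbol tables. The sample image and the symbol names `fast_path` and `helper` are constructed for illustration; pass a real library path as the first argument to inspect it instead.

```python
import struct

STT_GNU_IFUNC = 10   # symbol type: address is chosen by a resolver the dynamic linker runs
SHT_SYMTAB, SHT_DYNSYM, SHT_STRTAB = 2, 11, 3
SHDR, SYM = "<IIQQQQIIQQ", "<IBBHQQ"   # Elf64_Shdr and Elf64_Sym layouts

def ifunc_symbols(elf: bytes) -> list:
    """Return the names of all IFUNC symbols in a little-endian ELF64 image."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("not a little-endian ELF64 file")
    (e_shoff,) = struct.unpack_from("<Q", elf, 0x28)
    e_shentsize, e_shnum = struct.unpack_from("<HH", elf, 0x3A)
    sections = [struct.unpack_from(SHDR, elf, e_shoff + i * e_shentsize)
                for i in range(e_shnum)]
    found = []
    for _, sh_type, _, _, off, size, link, _, _, entsize in sections:
        if sh_type not in (SHT_SYMTAB, SHT_DYNSYM) or entsize == 0:
            continue
        str_off = sections[link][4]          # sh_link names the string table
        for pos in range(off, off + size, entsize):
            st_name, st_info = struct.unpack_from("<IB", elf, pos)
            if st_info & 0xF == STT_GNU_IFUNC:   # low nibble is the symbol type
                start = str_off + st_name
                found.append(elf[start:elf.index(b"\0", start)].decode())
    return found

def sample_elf() -> bytes:
    """Constructed image: ELF header, string table, three symbols, three section headers."""
    strtab = b"\0fast_path\0helper\0"
    symtab = (bytes(24)                                                  # null symbol
              + struct.pack(SYM, 1, 0x10 | STT_GNU_IFUNC, 0, 1, 0, 0)    # GLOBAL IFUNC
              + struct.pack(SYM, 11, 0x10 | 2, 0, 1, 0, 0))              # GLOBAL FUNC
    str_off, sym_off = 64, 64 + len(strtab)
    sh_off = sym_off + len(symtab)
    def shdr(sh_type, off, size, link, entsize):
        return struct.pack(SHDR, 0, sh_type, 0, 0, off, size, link, 0, 1, entsize)
    header = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 3, 62, 1, 0, 0, sh_off, 0, 64, 0, 0, 64, 3, 0)
    return (header + strtab + symtab + shdr(0, 0, 0, 0, 0)
            + shdr(SHT_STRTAB, str_off, len(strtab), 0, 0)
            + shdr(SHT_DYNSYM, sym_off, len(symtab), 1, 24))

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else sample_elf()
    print(ifunc_symbols(data))
```

An IFUNC symbol is not itself a sign of compromise; the listing only shows which libraries in a process carry resolver code that the dynamic linker runs, which is where review effort is best spent.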