From: Ian Lance Taylor
Date: Tue, 2 Apr 2024 13:28:49 -0700
Subject: Re: Sourceware mitigating and preventing the next xz-backdoor
To: Paul Koning
Cc: Paul Eggert, Sandra Loosemore, Mark Wielaard, overseers@sourceware.org, gcc@gcc.gnu.org, binutils@sourceware.org, gdb@sourceware.org, libc-alpha@sourceware.org

On Tue, Apr 2, 2024 at 1:21 PM Paul Koning via Gcc wrote:
>
> Would it help to require (rather than just recommend) "don't use root except for the actual 'install' step" ?

Seems reasonable, but note that it wouldn't make any difference to this attack. The liblzma library was modified to corrupt the sshd binary, when sshd was linked against liblzma. The actual attack occurred via a connection to a corrupt sshd. If sshd was running as root, as is normal, the attacker had root access to the machine. None of the attacking steps had anything to do with having root access while building or installing the program.

Ian
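
The message above locates the exposure in sshd being linked against liblzma, so the defender's question is whether a given sshd loads that library at all. The following is an added example, not part of the original message or of any project's code; the function names `find_lib` and `audit_binary` and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# find_lib NAME: read `ldd`-style output on stdin and print the resolved path
# of every library whose soname starts with NAME.
# Exit status: 0 = found, 1 = absent, 2 = binary is not dynamically linked.
find_lib() {
    awk -v name="$1" '
        /not a dynamic executable|statically linked/ { static = 1 }
        index($1, name ".so") == 1 {
            # Line shape: "soname => /path (0xaddr)" or "soname => not found"
            out = ($2 == "=>" && $3 != "not") ? $3 : ($1 " (unresolved)")
            print out
            found = 1
        }
        END { exit static ? 2 : (found ? 0 : 1) }
    '
}

# audit_binary PATH: list the full (transitive) library set of a trusted local
# binary and check it for liblzma. ldd can execute code from the file it
# inspects, so do not point it at untrusted binaries.
audit_binary() {
    ldd "$1" 2>&1 | find_lib liblzma
}

# Constructed sample listings (not captured from a real host).
SAMPLE_LINKED='    linux-vdso.so.1 (0x00007ffc0a5f2000)
    libsystemd.so.0 => /lib/x86_64-linux-gnu/libsystemd.so.0 (0x00007f1c2a400000)
    liblzma.so.5 => /lib/x86_64-linux-gnu/liblzma.so.5 (0x00007f1c2a3c0000)
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f1c2a000000)'
SAMPLE_CLEAN='    linux-vdso.so.1 (0x00007ffc0a5f2000)
    libcrypto.so.3 => /lib/x86_64-linux-gnu/libcrypto.so.3 (0x00007f1c2a400000)
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f1c2a000000)'

# Demonstration on the constructed listing; on a real host use:
#   audit_binary "$(command -v sshd)"
printf '%s\n' "$SAMPLE_LINKED" | find_lib liblzma
```

A match shows only that the binary loads liblzma, not that the installed library is a compromised build; the package version still has to be checked against the distribution's advisory.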