From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-pj1-x1031.google.com (mail-pj1-x1031.google.com [IPv6:2607:f8b0:4864:20::1031]) by sourceware.org (Postfix) with ESMTPS id D141D386F003 for ; Tue, 2 Apr 2024 20:29:06 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org D141D386F003 Authentication-Results: sourceware.org; dmarc=fail (p=none dis=none) header.from=golang.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=google.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org D141D386F003 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::1031 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1712089748; cv=none; b=Rd1t7iDYCLl40n6ljgXZrFL02qaprB1EZqQdoqUHBQqx/eMJc5OhcCr8Gu55HeKzU1hH5XE3KfTaFVGObnshzhp/c1lr7oUJC/bWjpLRm1CRMY5FFS+dKPsvEcw9oAK2y3xuR9Nlax4FR68VzcezF32MlfpB77cCOGuBHSesutQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1712089748; c=relaxed/simple; bh=dwbIVAjBX+XWvcTXxPV2YGmFSY2MrNkWVF9JhsbkK0s=; h=DKIM-Signature:MIME-Version:From:Date:Message-ID:Subject:To; b=SJuiq22ka6CfcFnu3KNyOkzTfcjk7CU8UGEkGbdRvs355DifCh/0iP2J8WNTPp+6/95jIufFer/RNMqK56l/jge2P2Kb28vC4jPelzBl1u4M2aqQl1GXJSidP7zBN32lmEve/81zp+d99eGXYhJ+3W7a6S+SJP2KWVqFgqHD4jE= ARC-Authentication-Results: i=1; server2.sourceware.org Received: by mail-pj1-x1031.google.com with SMTP id 98e67ed59e1d1-2a074187a42so4216718a91.0 for ; Tue, 02 Apr 2024 13:29:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google-com.20230601.gappssmtp.com; s=20230601; t=1712089746; x=1712694546; darn=sourceware.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=C3DmygAlIr1uzpTWd2lQ0VHhyrYChu/v26Wl62us4Zw=; b=R56kk+Po2Ok2hPtpW1C1P4PR5z46XblMgM+xiqDEtCM/TAldfjxWvlA3KcVFkk/zRe aH13QFgveTArx8XZYveXieyfodquRXJkAeln9+HCJXii5rDBqz74El4vXlqwp0mJzmkI GK21hcinjOBa7lK/Y88WNZZbfvmrCmNnNs6h2b/iGyRDmQSgQgmAvwpWqVSAoXnKsHpQ VVoBemMOkAem2wwAtaJJVBCue64rPeUx4VFnqlB3/L2rDJ/dfwxr4SODFNYayCf0C9ZO MonGd7Epm/kPekbmxEaUDmHbixRJzBs8p0e/Cu/WWHiD4jxNwOjIvHQ+Eb1fWlkMUFZI yAXw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712089746; x=1712694546; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=C3DmygAlIr1uzpTWd2lQ0VHhyrYChu/v26Wl62us4Zw=; b=WYxMqGl83nXyIoS77O+l3U5hIQtHD76kc/Xhvdzizd2mHyMe+tACBfHWmydz1gVWjo BJuInie1m1uomgSekMOquI56gNZEeXlL5yMHaD/utCI5uPyDJRrnNn3dniUAsvio7fBj rzgdaMsIFBimVLRYwVut4IfvKI0tMuKrUrOiAIt8sljCwMAOUbn++PwXQBnKmyMOio0Z Hj7kKVdVOJboKIdq7UWAtxK5h2PI37mQ9ss+4Ygvip5m/wjfw0BlWvBK12wYIr29k9GQ n4ZdMri+wiJm4wHXJMgO8fUXotWfAH/HXYsAgTVu4Z+UcHMbf9yKmnStnM22loEJyUGa QhBA== X-Forwarded-Encrypted: i=1; AJvYcCWHmJvF1MX6hQtK0ZNZAmEIGBCmNILu4BJcV3sKc6eWxR1u+DkSgsA34Wtu1YxSy/Izq7HUVHrN1cBCaJyj8nz4gfs= X-Gm-Message-State: AOJu0YxanD/FY/eP/cdAsFozmW/A4kgjbtwgE1GfPA29bCTDmrYhrjKy 4uxQ1IuCG3u5RhZAtBK5KgGODxVkGs5yk6phK8u2Ez93/qmeEGaKhN0A8HGsSiZJSwnD1JTon1D gxiBJ84VWwHp1cpQ7o5x4XKbN/u7jTcPMGKz4 X-Google-Smtp-Source: AGHT+IGdgaGYIUwsihtpQHgOLsdvRjWlOSjKHTjaWKtrCMs02CCI5aZ8/GpAboVDa4tK++MU0RiBEsu+Gm0hns/hVMg= X-Received: by 2002:a17:90a:bc95:b0:2a2:13ec:fc6 with SMTP id x21-20020a17090abc9500b002a213ec0fc6mr10827294pjr.10.1712089745551; Tue, 02 Apr 2024 13:29:05 -0700 (PDT) MIME-Version: 1.0 References: <20240329203909.GS9427@gnu.wildebeest.org> <20240401150617.GF19478@gnu.wildebeest.org> <12215cd2-16db-4ee4-bd98-6a4bcf318592@cs.ucla.edu> In-Reply-To: From: Ian Lance Taylor Date: Tue, 2 Apr 2024 13:28:49 -0700 Message-ID: Subject: Re: Sourceware mitigating and preventing the next xz-backdoor To: Paul Koning Cc: Paul Eggert , Sandra Loosemore , Mark Wielaard , overseers@sourceware.org, gcc@gcc.gnu.org, binutils@sourceware.org, gdb@sourceware.org, libc-alpha@sourceware.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-9.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,TXREP,USER_IN_DEF_SPF_WL autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: On Tue, Apr 2, 2024 at 1:21=E2=80=AFPM Paul Koning via Gcc wrote: > > Would it help to require (rather than just recommend) "don't use root exc= ept for the actual 'install' step" ? Seems reasonable, but note that it wouldn't make any difference to this attack. The liblzma library was modified to corrupt the sshd binary, when sshd was linked against liblzma. The actual attack occurred via a connection to a corrupt sshd. If sshd was running as root, as is normal, the attacker had root access to the machine. None of the attacking steps had anything to do with having root access while building or installing the program. Ian