From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-pg1-x52a.google.com (mail-pg1-x52a.google.com [IPv6:2607:f8b0:4864:20::52a]) by sourceware.org (Postfix) with ESMTPS id D9C07386F465 for ; Tue, 2 Apr 2024 20:29:06 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org D9C07386F465 Authentication-Results: sourceware.org; dmarc=fail (p=none dis=none) header.from=golang.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=google.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org D9C07386F465 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::52a ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1712089748; cv=none; b=Rd1t7iDYCLl40n6ljgXZrFL02qaprB1EZqQdoqUHBQqx/eMJc5OhcCr8Gu55HeKzU1hH5XE3KfTaFVGObnshzhp/c1lr7oUJC/bWjpLRm1CRMY5FFS+dKPsvEcw9oAK2y3xuR9Nlax4FR68VzcezF32MlfpB77cCOGuBHSesutQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1712089748; c=relaxed/simple; bh=dwbIVAjBX+XWvcTXxPV2YGmFSY2MrNkWVF9JhsbkK0s=; h=DKIM-Signature:MIME-Version:From:Date:Message-ID:Subject:To; b=SJuiq22ka6CfcFnu3KNyOkzTfcjk7CU8UGEkGbdRvs355DifCh/0iP2J8WNTPp+6/95jIufFer/RNMqK56l/jge2P2Kb28vC4jPelzBl1u4M2aqQl1GXJSidP7zBN32lmEve/81zp+d99eGXYhJ+3W7a6S+SJP2KWVqFgqHD4jE= ARC-Authentication-Results: i=1; server2.sourceware.org Received: by mail-pg1-x52a.google.com with SMTP id 41be03b00d2f7-5dbf7b74402so3100350a12.0 for ; Tue, 02 Apr 2024 13:29:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google-com.20230601.gappssmtp.com; s=20230601; t=1712089746; x=1712694546; darn=sourceware.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=C3DmygAlIr1uzpTWd2lQ0VHhyrYChu/v26Wl62us4Zw=; b=R56kk+Po2Ok2hPtpW1C1P4PR5z46XblMgM+xiqDEtCM/TAldfjxWvlA3KcVFkk/zRe aH13QFgveTArx8XZYveXieyfodquRXJkAeln9+HCJXii5rDBqz74El4vXlqwp0mJzmkI GK21hcinjOBa7lK/Y88WNZZbfvmrCmNnNs6h2b/iGyRDmQSgQgmAvwpWqVSAoXnKsHpQ VVoBemMOkAem2wwAtaJJVBCue64rPeUx4VFnqlB3/L2rDJ/dfwxr4SODFNYayCf0C9ZO MonGd7Epm/kPekbmxEaUDmHbixRJzBs8p0e/Cu/WWHiD4jxNwOjIvHQ+Eb1fWlkMUFZI yAXw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712089746; x=1712694546; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=C3DmygAlIr1uzpTWd2lQ0VHhyrYChu/v26Wl62us4Zw=; b=M7YXMLE7b+rxg2kvtEmCeHlHAMqvWz0I7bIXaGhm2h8UkitsCyKYaPR0gYrqhyD0SJ sLTHhSUUDwv6GrQ+pmQSFAU6m2l+hpokm4eZFOLCJd7hA2zQFaGysJRKuAY8oJBxiVk7 oayQDRv6pUD8CBzEYJ7hdHKrJCwD5fVWCpZlIGsfJTfP8T5E/9NABLVkzvNnC96IflJP l8L1ykx+xiR/mSgvSq7L/r9Ly9qyt6kggcWf7WZ1WLjxi9Q5A+unPVaK25YatobUWB5b OG/WexR5VRiUj/k2R4R3QO1XFPlXEb/+gxsbhTPl21b+KHd1Ll8/uCmg15+t+/J/Gcj7 DuIA== X-Forwarded-Encrypted: i=1; AJvYcCUYhHhALhQyWYOw4jngRcslwK+RyIlq9/siwr4u9kOJbjSl9bQiKPWU/eyogZwAHIbjjxSantNUV0sPe32/VxNOdqCJAWx3YmkK X-Gm-Message-State: AOJu0YwJE7AcDXZd5Sy5pTPwrRW1c+YJvIvPeoCOpg/A5B9SLFEq/p4K creV8CZDDiQxVRw7Bj4aRXOFznRukqWVwh6BDTyWZ9dAIJJURBloC2vloQFGQL30tykzqlFZan6 DjgODHe2Nlk97ZIZAYUQRQoiry9oUGFoewieg X-Google-Smtp-Source: AGHT+IGdgaGYIUwsihtpQHgOLsdvRjWlOSjKHTjaWKtrCMs02CCI5aZ8/GpAboVDa4tK++MU0RiBEsu+Gm0hns/hVMg= X-Received: by 2002:a17:90a:bc95:b0:2a2:13ec:fc6 with SMTP id x21-20020a17090abc9500b002a213ec0fc6mr10827294pjr.10.1712089745551; Tue, 02 Apr 2024 13:29:05 -0700 (PDT) MIME-Version: 1.0 References: <20240329203909.GS9427@gnu.wildebeest.org> <20240401150617.GF19478@gnu.wildebeest.org> <12215cd2-16db-4ee4-bd98-6a4bcf318592@cs.ucla.edu> In-Reply-To: From: Ian Lance Taylor Date: Tue, 2 Apr 2024 13:28:49 -0700 Message-ID: Subject: Re: Sourceware mitigating and preventing the next xz-backdoor To: Paul Koning Cc: Paul Eggert , Sandra Loosemore , Mark Wielaard , overseers@sourceware.org, gcc@gcc.gnu.org, binutils@sourceware.org, gdb@sourceware.org, libc-alpha@sourceware.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-9.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,TXREP,USER_IN_DEF_SPF_WL autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: On Tue, Apr 2, 2024 at 1:21=E2=80=AFPM Paul Koning via Gcc wrote: > > Would it help to require (rather than just recommend) "don't use root exc= ept for the actual 'install' step" ? Seems reasonable, but note that it wouldn't make any difference to this attack. The liblzma library was modified to corrupt the sshd binary, when sshd was linked against liblzma. The actual attack occurred via a connection to a corrupt sshd. If sshd was running as root, as is normal, the attacker had root access to the machine. None of the attacking steps had anything to do with having root access while building or installing the program. Ian