From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-pj1-x1032.google.com (mail-pj1-x1032.google.com [IPv6:2607:f8b0:4864:20::1032]) by sourceware.org (Postfix) with ESMTPS id D8E85386F435 for ; Tue, 2 Apr 2024 20:29:06 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org D8E85386F435 Authentication-Results: sourceware.org; dmarc=fail (p=none dis=none) header.from=golang.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=google.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org D8E85386F435 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::1032 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1712089748; cv=none; b=Rd1t7iDYCLl40n6ljgXZrFL02qaprB1EZqQdoqUHBQqx/eMJc5OhcCr8Gu55HeKzU1hH5XE3KfTaFVGObnshzhp/c1lr7oUJC/bWjpLRm1CRMY5FFS+dKPsvEcw9oAK2y3xuR9Nlax4FR68VzcezF32MlfpB77cCOGuBHSesutQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1712089748; c=relaxed/simple; bh=dwbIVAjBX+XWvcTXxPV2YGmFSY2MrNkWVF9JhsbkK0s=; h=DKIM-Signature:MIME-Version:From:Date:Message-ID:Subject:To; b=SJuiq22ka6CfcFnu3KNyOkzTfcjk7CU8UGEkGbdRvs355DifCh/0iP2J8WNTPp+6/95jIufFer/RNMqK56l/jge2P2Kb28vC4jPelzBl1u4M2aqQl1GXJSidP7zBN32lmEve/81zp+d99eGXYhJ+3W7a6S+SJP2KWVqFgqHD4jE= ARC-Authentication-Results: i=1; server2.sourceware.org Received: by mail-pj1-x1032.google.com with SMTP id 98e67ed59e1d1-2a074187a42so4216720a91.0 for ; Tue, 02 Apr 2024 13:29:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google-com.20230601.gappssmtp.com; s=20230601; t=1712089746; x=1712694546; darn=sourceware.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=C3DmygAlIr1uzpTWd2lQ0VHhyrYChu/v26Wl62us4Zw=; b=R56kk+Po2Ok2hPtpW1C1P4PR5z46XblMgM+xiqDEtCM/TAldfjxWvlA3KcVFkk/zRe aH13QFgveTArx8XZYveXieyfodquRXJkAeln9+HCJXii5rDBqz74El4vXlqwp0mJzmkI GK21hcinjOBa7lK/Y88WNZZbfvmrCmNnNs6h2b/iGyRDmQSgQgmAvwpWqVSAoXnKsHpQ VVoBemMOkAem2wwAtaJJVBCue64rPeUx4VFnqlB3/L2rDJ/dfwxr4SODFNYayCf0C9ZO MonGd7Epm/kPekbmxEaUDmHbixRJzBs8p0e/Cu/WWHiD4jxNwOjIvHQ+Eb1fWlkMUFZI yAXw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712089746; x=1712694546; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=C3DmygAlIr1uzpTWd2lQ0VHhyrYChu/v26Wl62us4Zw=; b=PKuqjr/Fg8U+4KhYsEtaa2Fb/Y8bHcVYRKWSG4dpgNheJc1Worf6GaVk992J17Nvh2 t7EFz1rlI1L8w3cuaprQxnmsS267V917lq0MSnWVFWSFSMKkDv3HeqdfKWamLIqw3yAX ur+6qi8M3eC3dJ7TeL4IIH4MwfYwWNHTjSTnL8fwjKUaA2WAPG69bhQsi/XEGx83mtyk PftW1nPEJPJmiklrEon7nAMHvhBd99EK7KukFRFLndlrrQpVyikGcbw+98TPGon+RmWz VQ71MSBNRxlqVAfKtN20L0qTH5Z6C+suC6B7KXHrzoX6XI/Hy7NkGjnbHilmC6Rujxfl Cq9g== X-Forwarded-Encrypted: i=1; AJvYcCUFgZAjP+YNmaxwx4EMLH3oW3azduKJiKoBxn3DL0+UThphz3iASTIf+dB2wVA9ifR4xKanUjiiWkCfOjJnyXLMwnQd5y1qSSw= X-Gm-Message-State: AOJu0YyO75sVC4byPJI8FRo4BhdykJnRZOrzfhyX2+Lk8tdvGbhX/nXk ODL3/R9BEXkSvMJ5fkJJ5J+a8xQzIYix/MvIX/o3c4yeSWe1g292ong4j6inQFVcA+7UPBPFuQw 8npA/KHBLHKcCV1ltbc1DRP4+5VekqXFzKmV2 X-Google-Smtp-Source: AGHT+IGdgaGYIUwsihtpQHgOLsdvRjWlOSjKHTjaWKtrCMs02CCI5aZ8/GpAboVDa4tK++MU0RiBEsu+Gm0hns/hVMg= X-Received: by 2002:a17:90a:bc95:b0:2a2:13ec:fc6 with SMTP id x21-20020a17090abc9500b002a213ec0fc6mr10827294pjr.10.1712089745551; Tue, 02 Apr 2024 13:29:05 -0700 (PDT) MIME-Version: 1.0 References: <20240329203909.GS9427@gnu.wildebeest.org> <20240401150617.GF19478@gnu.wildebeest.org> <12215cd2-16db-4ee4-bd98-6a4bcf318592@cs.ucla.edu> In-Reply-To: From: Ian Lance Taylor Date: Tue, 2 Apr 2024 13:28:49 -0700 Message-ID: Subject: Re: Sourceware mitigating and preventing the next xz-backdoor To: Paul Koning Cc: Paul Eggert , Sandra Loosemore , Mark Wielaard , overseers@sourceware.org, gcc@gcc.gnu.org, binutils@sourceware.org, gdb@sourceware.org, libc-alpha@sourceware.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-9.0 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,TXREP,USER_IN_DEF_SPF_WL autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: On Tue, Apr 2, 2024 at 1:21=E2=80=AFPM Paul Koning via Gcc wrote: > > Would it help to require (rather than just recommend) "don't use root exc= ept for the actual 'install' step" ? Seems reasonable, but note that it wouldn't make any difference to this attack. The liblzma library was modified to corrupt the sshd binary, when sshd was linked against liblzma. The actual attack occurred via a connection to a corrupt sshd. If sshd was running as root, as is normal, the attacker had root access to the machine. None of the attacking steps had anything to do with having root access while building or installing the program. Ian