Backdoor in upstream xz/liblzma leading to SSH server compromise

Did the video talk about specific changes to OpenSSH "required" by systemd?
I'm trying to think what changes beyond a systemd service file if you are running opensshd, but openssh as a client, why should it need hooks to systemd?
There are various mentions of the systemd aspects in this other HN thread:

Story of XZ Backdoor [video]

These might also be of interest:

Everything I Know About the XZ Backdoor

Discovering the XZ Backdoor with Andres Freund (podcast episode)
 
cracauer@ thank you. That was informative. I agree with the statement in it about "sshd opened its listening socket so it's ready". Anything else like firewall rules is not and should not be "cared about" by sshd.
sshd has a dependency on "network available" and an optional dependency on "firewall rules in place". Optional because maybe the system is not running a firewall.
 
Did the video talk about specific changes to OpenSSH "required" by systemd?
I'm trying to think what changes beyond a systemd service file if you are running opensshd, but openssh as a client, why should it need hooks to systemd?
Openssh never accepted any changes that added a dependency on systemd. The various distros had custom patches that would link Openssh to libsystemd. This means that BSD systems would've been unaffected even if they'd managed to get this backdoor out into the wild.
 
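Added example, not part of any post in this thread: a shell check for the linkage described in the post above, reporting whether an sshd binary's shared-library list includes libsystemd and liblzma (libsystemd is the library through which liblzma ended up loaded into distro-patched sshd). The function names and both sample `ldd` listings are constructed for illustration.

```shell
#!/bin/sh
# Classify ldd-style output (stdin) by whether it lists libsystemd / liblzma.
# Prints one of: systemd+lzma, systemd-only, lzma-only, neither.
classify_ldd() {
    awk '
        # ldd lines look like: "\tlibfoo.so.N => /path/libfoo.so.N (0x...)"
        $1 ~ /^libsystemd\.so(\.|$)/ { sd = 1 }
        $1 ~ /^liblzma\.so(\.|$)/    { lz = 1 }
        END {
            if (sd && lz) print "systemd+lzma"
            else if (sd)  print "systemd-only"
            else if (lz)  print "lzma-only"
            else          print "neither"
        }'
}

# Constructed sample: sshd from a distro build patched to link libsystemd.
SAMPLE_PATCHED='	linux-vdso.so.1 (0x00007ffc00000000)
	libcrypto.so.3 => /lib/x86_64-linux-gnu/libcrypto.so.3 (0x00007f0000000000)
	libsystemd.so.0 => /lib/x86_64-linux-gnu/libsystemd.so.0 (0x00007f0000100000)
	liblzma.so.5 => /lib/x86_64-linux-gnu/liblzma.so.5 (0x00007f0000200000)
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f0000300000)'

# Constructed sample: sshd built from unpatched upstream source on a BSD.
SAMPLE_UPSTREAM='	libcrypto.so.111 => /lib/libcrypto.so.111 (0x800000000)
	libutil.so.9 => /lib/libutil.so.9 (0x800100000)
	libc.so.7 => /lib/libc.so.7 (0x800200000)'

# Inspect the locally installed sshd, if there is one.
check_local_sshd() {
    bin=$(command -v sshd 2>/dev/null) || { echo "no sshd in PATH"; return 0; }
    printf '%s: %s\n' "$bin" "$(ldd "$bin" 2>/dev/null | classify_ldd)"
}

printf 'patched sample:  %s\n' "$(printf '%s\n' "$SAMPLE_PATCHED" | classify_ldd)"
printf 'upstream sample: %s\n' "$(printf '%s\n' "$SAMPLE_UPSTREAM" | classify_ldd)"

# Pass --local to also check the sshd on this machine.
if [ "${1:-}" = "--local" ]; then
    check_local_sshd
fi
```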
Openssh never accepted any changes that added a dependency on systemd. The various distros had custom patches that would link Openssh to libsystemd. This means that BSD systems would've been unaffected even if they'd managed to get this backdoor out into the wild.
Upstream not accepting systemd patches is understandable :) To satisfy my curiosity I need to see some of these patches, simply because I just cannot see a need for anything beyond a service/rununit file.