From: Ian Lance Taylor via Gdb
Reply-To: Ian Lance Taylor
Date: Tue, 2 Apr 2024 13:28:49 -0700
Subject: Re: Sourceware mitigating and preventing the next xz-backdoor
To: Paul Koning
Cc: Paul Eggert, Sandra Loosemore, Mark Wielaard, overseers@sourceware.org, gcc@gcc.gnu.org, binutils@sourceware.org, gdb@sourceware.org, libc-alpha@sourceware.org
List-Id: Gdb mailing list

On Tue, Apr 2, 2024 at 1:21 PM Paul Koning via Gcc wrote:
>
> Would it help to require (rather than just recommend) "don't use root except for the actual 'install' step" ?

Seems reasonable, but note that it wouldn't make any difference to this attack. The liblzma library was modified to corrupt the sshd binary, when sshd was linked against liblzma. The actual attack occurred via a connection to a corrupt sshd. If sshd was running as root, as is normal, the attacker had root access to the machine. None of the attacking steps had anything to do with having root access while building or installing the program.

Ian