Re: xz backdoor
Hey.
Seems some of the reverse engineers may have found some more
interesting stuff[0].
As far as I understand it, that would still require a running an
reachable sshd (so we'd still be mostly safe).
But he also thinks[1] that it may allow an interactive session.
(Not that this would change a lot, if the adversary can use system().)
Still, shows that there may be more hidden stuff, and we may not be out
of the woods yet.
Cheers,
Chris.
[0] https://twitter.com/bl4sty/status/1776691497506623562
[1] https://twitter.com/bl4sty/status/1776692874232434932
Reply to: