
Re: making Debian secure by default



Hello,

On Fri, Mar 29, 2024 at 07:02:54PM +0100, Kamil Jońca wrote:
> O-o, is there any simple test to check if I have an infected version or
> not?

For example, under root:

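  # Find the path of the liblzma that sshd is linked against
  path="$(ldd "$(which sshd)" | grep liblzma | grep -o '/[^ ]*')"
  if [ -z "$path" ]
  then
       # sshd does not load liblzma at all
       echo probably not vulnerable
  # Check the library for the function signature of the infected version
  elif hexdump -ve '1/1 "%.2x"' "$path" | grep -q f30f1efa554889f54c89ce5389fb81e7000000804883ec28488954241848894c2410
  then
       echo probably vulnerable
  else
       echo probably not vulnerable
  fi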

NB: always think and read before typing root commands, or any commands
you find on a forum or mailing-list :)

More info:
   https://boehs.org/node/everything-i-know-about-the-xz-backdoor
      Interesting read about social interactions

   https://www.openwall.com/lists/oss-security/2024/03/29/4
      ref for the code above

   https://www.openwall.com/lists/oss-security/2024/03/29/23
      idea to confine the sshd -> systemd dependency,
      in a specific process, because of the huge systemd
      attack surface

