Re: making Debian secure by default
Hello,
On Fri, Mar 29, 2024 at 07:02:54PM +0100, Kamil Jońca wrote:
> O-o, is there any simple test to check if I have infected version or
> not?
For example, under root:
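# locate the liblzma that sshd is linked against
path="$(ldd "$(which sshd)" | grep liblzma | grep -o '/[^ ]*')"
# look for the function signature; an empty path means sshd does not load liblzma
if [ -n "$path" ] && hexdump -ve '1/1 "%.2x"' "$path" | grep -q f30f1efa554889f54c89ce5389fb81e7000000804883ec28488954241848894c2410
then
    echo probably vulnerable
else
    echo probably not vulnerable
fi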
NB: always think and read before typing root commands, or any commands
you find on a forum or mailing-list :)
More info:
https://boehs.org/node/everything-i-know-about-the-xz-backdoor
Interesting read about social interactions
https://www.openwall.com/lists/oss-security/2024/03/29/4
ref for the code above
https://www.openwall.com/lists/oss-security/2024/03/29/23
idea to confine the sshd -> systemd dependency,
in a specific process, because of the huge systemd
attack surface
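
The check in the message only inspects the liblzma that the local sshd resolves through ldd. The following is an added example, not part of the original message: it goes further and applies the same signature search to every liblzma copy under given directory trees (chroots, unpacked images, backups). The function names `file_has_sig` and `scan_tree` are hypothetical, and `od` is used in place of `hexdump`.

```shell
#!/bin/sh
# Added example (not from the original message).
# Signature copied verbatim from the check quoted in the message.
SIG=f30f1efa554889f54c89ce5389fb81e7000000804883ec28488954241848894c2410

# file_has_sig FILE: exit 0 if FILE contains the byte sequence SIG,
# 1 if it does not, 2 if FILE is not a readable regular file.
file_has_sig() {
    [ -f "$1" ] && [ -r "$1" ] || return 2
    # od prints one byte per token; tr joins everything into a single hex
    # string so a match cannot be split across output lines.
    od -An -v -tx1 "$1" | tr -d ' \n' | grep -q "$SIG"
}

# scan_tree DIR...: print one "SUSPECT"/"clean" line per liblzma file found.
# Exit 1 if at least one file matched, 0 otherwise.
scan_tree() {
    found=0
    # A temp file instead of "find | while" keeps $found out of a subshell.
    list=$(mktemp) || return 2
    find "$@" -type f -name 'liblzma.so*' 2>/dev/null > "$list" || true
    while IFS= read -r f; do
        if file_has_sig "$f"; then
            echo "SUSPECT $f"
            found=1
        else
            echo "clean   $f"
        fi
    done < "$list"
    rm -f "$list"
    return "$found"
}

# Stand-alone use: pass the directory trees to scan as arguments.
[ "$#" -eq 0 ] || scan_tree "$@"
```

As with the original check, a match means "probably vulnerable" and a miss means "probably not vulnerable"; it tests for one byte pattern only.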