Checking the build of each executable, disassembling all the .o files. How to hunt down the xz kind of backdoor elsewhere in Linux distributions?

0 votes
1 answer
64 views
You might have read about the backdoor that was released with the xz command (versions 5.6.0 and 5.6.1). A malevolent committer gained the trust of his maintainer, and managed to insert at build time some code that [is targeting sshd and creates a backdoor](https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27). Other .o files of any Linux distribution can also be affected by the same kind of backdoor. What a malevolent committer has successfully done here, he can have done elsewhere. And maybe years ago...

How should the designers of a Linux distribution, if they are willing to wipe out such a backdoor, proceed to find any corrupted executable of this kind (made by a diverted build process)? At this moment, the ways I see are:

1. to check every build process of every Linux command created: it's a lot of git repositories to check, I think;
2. but also, to disassemble every existing .o file and have a look at its assembly code, to see if it's coherent with what that executable is supposed to do.

What other ways should they use to hunt down this backdoor everywhere it can be?
Asked by Marc Le Bihan (2353 rep)
Apr 7, 2024, 08:44 PM
Last activity: Apr 7, 2024, 09:29 PM
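One concrete check a distribution can automate for the first approach (auditing the build inputs rather than the compiled output) is to compare the release tarball it actually builds from against an export of the project's version-control tree, since the xz injection lived in build files shipped only in the tarball. The script below is an added example, not code from the question or from any project; the tarballs, file names and contents are constructed in memory so it runs offline.

```python
import hashlib
import io
import tarfile


def _members(archive_bytes: bytes) -> dict:
    """Map each regular file in a tar archive to the SHA-256 of its content."""
    digests = {}
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:*") as tar:
        for member in tar.getmembers():
            if not member.isfile():
                continue
            # Drop the top-level directory (e.g. "pkg-1.0/") so names line up.
            name = member.name.split("/", 1)[1] if "/" in member.name else member.name
            digests[name] = hashlib.sha256(tar.extractfile(member).read()).hexdigest()
    return digests


def compare_release_to_vcs(release_tar: bytes, vcs_tar: bytes) -> dict:
    """Files present only in the release tarball, and files whose content differs.

    Generated autotools files (configure, Makefile.in) will normally show up as
    'only_in_release'; those must be regenerated and diffed rather than ignored."""
    rel, vcs = _members(release_tar), _members(vcs_tar)
    return {
        "only_in_release": sorted(set(rel) - set(vcs)),
        "modified": sorted(n for n in rel if n in vcs and rel[n] != vcs[n]),
    }


def make_tar(prefix: str, files: dict) -> bytes:
    """Build a small gzip tarball in memory from {path: content} (constructed data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, content in files.items():
            info = tarfile.TarInfo(f"{prefix}/{path}")
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()


# Constructed sample: VCS export vs. a release carrying an extra m4 file and an
# altered source file (all names hypothetical).
VCS = make_tar("pkg-1.0", {"configure.ac": b"AC_INIT\n", "src/main.c": b"int main(){}\n"})
RELEASE = make_tar("pkg-1.0", {
    "configure.ac": b"AC_INIT\n",
    "src/main.c": b"int main(){return 1;}\n",
    "m4/extra-build.m4": b"dnl present only in the tarball\n",
    "configure": b"#!/bin/sh\n",
})

if __name__ == "__main__":
    print(compare_release_to_vcs(RELEASE, VCS))
```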