this post was submitted on 31 Mar 2024
83 points (95.6% liked)

Explain Like I'm Five

14277 readers
10 users here now

Simplifying Complexity, One Answer at a Time!

Rules

  1. Be respectful and inclusive.
  2. No harassment, hate speech, or trolling.
  3. Engage in constructive discussions.
  4. Share relevant content.
  5. Follow guidelines and moderators' instructions.
  6. Use appropriate language and tone.
  7. Report violations.
  8. Foster a continuous learning environment.

founded 1 year ago
MODERATORS
sabbah@lemmy.world
AradFort@lemmy.world
rikudou@lemmings.world
Don_Dickle@lemmy.world
Rikudou_Sage@lemmy.world
83
ELI5: The Linux xz backdoor situation (pawb.social)
submitted 7 months ago by VinesNFluff@pawb.social to c/explainlikeimfive@lemmy.world
33 comments fedilink hide all child comments
 

PLEASE. I keep seeing it in memes. As I understand it the latest version of the xz package (present in rolling release distros like Arch and SUSE Tumbleweed) has "a backdoor", but I have no earthly clue what can be done by malicious folks with access to that backdoor or if I should be afraid or how to check if my distro is compromised or how to prevent damage if it is or (...)

you are viewing a single comment's thread
view the rest of the comments
[–] ashaman2007@lemm.ee 30 points 7 months ago (9 children)

Fairly simple explanation by arstechnica: “The malicious versions [of xz], researchers said, intentionally interfere with authentication performed by SSH, a commonly used protocol for connecting remotely to systems. SSH provides robust encryption to ensure that only authorized parties connect to a remote system. The backdoor is designed to allow a malicious actor to break the authentication and, from there, gain unauthorized access to the entire system. The backdoor works by injecting code during a key phase of the login process.”

Also from the article, you should check if your distro is offering a downgrade from the affected 5.6.x packages. Right now the exploit is not fully understood. For example, openSUSE recommends a full reinstall of Tumbleweed if an SSH server was enabled, just to mitigate risk.

https://arstechnica.com/security/2024/03/backdoor-found-in-widely-used-linux-utility-breaks-encrypted-ssh-connections/

https://news.opensuse.org/2024/03/29/xz-backdoor/

[–] AAA@feddit.de 5 points 7 months ago (1 children)

Right now the exploit is not fully understood.

How so, btw? The original maintainer and everyone else can read the changed code, so how can it not be fully understood? Is it that heavily obfuscated, or...?

[–] Ptsf@lemmy.world 6 points 7 months ago

The backdoor was not contained within the source code, but within precompiled binary blobs sent "downstream" from the maintainer, this is often done so that end users get a leaner version of the software without development tool chains attached, which also makes automated checking of these blobs difficult to impossible so instead we rely on verified and trusted upstream maintainers to be "good actors". That's the reason this is such a big wakeup call, as it's a maintainer that worked on projects and waited for years before trying to push this through.

load more comments (7 replies)