[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] backdoor in upstream xz/liblzma leading to ssh server compromise
From:       Jacob Bachmeyer <jcb62281 () gmail ! com>
Date:       2024-04-19 2:17:28
Message-ID: 6621D438.5080005 () gmail ! com
[Download RAW message or body]

Matt Johnston wrote:
> On 2024-04-17 10:25 am, Jacob Bachmeyer wrote:
>
>> see that particular slowdown?  (Not the backdoor initialization making
>> sshd take longer to start up---a running sshd taking longer to reject
>> a session for a nonexistent account, unless Andres Freund forgot to
>> tell us that he was running sshd from inetd and thereby including sshd
>> startup latency in his measurements.)
>
> Recent OpenSSH always re-execs for each incoming connection (for fresh 
> ASLR) so it's always similar to inetd startup.

Aha!  That explains it.  There may not be another backdoor after all:  
if sshd always reinitializes by exec, it would incur the full startup 
delay for each connection, and the backdoor may actually be inert if the 
client requests publickey auth.

Thank you for filling in the missing detail.


-- Jacob

[prev in list] [next in list] [prev in thread] [next in thread]