83
ELI5: The Linux xz backdoor situation (pawb.social)
submitted 6 months ago by VinesNFluff@pawb.social to c/explainlikeimfive@lemmy.world
33 comments fedilink hide all child comments

PLEASE. I keep seeing it in memes. As I understand it the latest version of the xz package (present in rolling release distros like Arch and SUSE Tumbleweed) has "a backdoor", but I have no earthly clue what can be done by malicious folks with access to that backdoor or if I should be afraid or how to check if my distro is compromised or how to prevent damage if it is or (...)

you are viewing a single comment's thread
view the rest of the comments
[-] Fecundpossum@lemmy.world 22 points 6 months ago

Chances are very, very high, that you are not nearly interesting enough to warrant someone utilizing said back door to discover your stash of furry lewds. The primary target for an exploit like this, is either nation state level (industrial/political espionage, tampering with financial markets, etc.) or criminal enterprise level going after high value targets. Trying to dragnet every random whoever to see if they have data worth compromising wouldn’t be much of a money maker.

That said, this is one of the dangers of using a rolling release. I was running endeavourOS and was likely exposed to the back door for a while. I’ve since switched back to Fedora, which was only exposed on its testing branch (rawhide).

[-] ilmagico@lemmy.world 12 points 6 months ago

From my understanding, Arch based distros don't link ssh with systemd, and so are likely unaffected. That includes EndeavourOS. Since researchers are still analyzing the code, Arch took some steps to patch it anyways, just in case there some other hidden backdoor.

[-] Fecundpossum@lemmy.world 4 points 6 months ago

Well that’s good to know. Still feeling pretty cozy on fedora, even got secure boot on for whatever that’s worth. Likely not much.

[-] VinesNFluff@pawb.social 6 points 6 months ago

to discover your stash of furry lewds.

No need to call me out, even if my home instance makes that obvious.

[-] Fecundpossum@lemmy.world 3 points 6 months ago

Sorry I assumed you’d get a laugh out of it, wasn’t trying to do any harm.

[-] VinesNFluff@pawb.social 2 points 6 months ago

I was being silly as well :P

[-] Fecundpossum@lemmy.world 1 points 6 months ago

lol. Okay good.

[-] hydroptic@sopuli.xyz 5 points 6 months ago

The backdoor's probably not "installed" on anything but Debian & distros that use RPM so Arch would probably have been fine just due to that alone, see eg. this HN comment which summarizes things pretty well.

[-] jonne@infosec.pub 4 points 6 months ago

Maybe initially, when nobody knew about it. I bet it'll be reverse engineered and filtered down to script kiddies soon, if it hasn't already. If your server is affected, you should definitely fix it or even reinstall.

this post was submitted on 31 Mar 2024
83 points (95.6% liked)

Explain Like I'm Five

14093 readers
23 users here now

Simplifying Complexity, One Answer at a Time!

Rules

  1. Be respectful and inclusive.
  2. No harassment, hate speech, or trolling.
  3. Engage in constructive discussions.
  4. Share relevant content.
  5. Follow guidelines and moderators' instructions.
  6. Use appropriate language and tone.
  7. Report violations.
  8. Foster a continuous learning environment.

founded 1 year ago
MODERATORS
sabbah@lemmy.world
AradFort@lemmy.world
rikudou@lemmings.world
Don_Dickle@lemmy.world
Rikudou_Sage@lemmy.world