Thoughts on the xz backdoor: an lzma-rs perspective | Blog (gendignoux.com)

submitted 5 months ago by snaggen@programming.dev to c/rust@programming.dev

4 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[-] FizzyOrange@programming.dev 5 points 5 months ago

If the build scripts were tiny and checked then the attack vector would have just been different, I’m not even too sure the language mattered.

I have to disagree here. Maybe they would have found another way, but it would have been a more obvious way, which is a very good thing.

Yes it would have still been compromised but it may have been detected earlier. So it's still pretty bad to have these incomprehensible build scripts.

[-] Metype@lemmy.world 2 points 5 months ago

I'm not saying incomprehensible build scripts are good here, my mistake for making it seem that way. I'm not confident that hiding it elsewhere would have been strictly more obvious but it absolutely could have been.

I've done some pretty complex C projects and haven't had build scripts nearly that large. This one seems particularly unwieldy and certainly helped the attacker.

this post was submitted on 09 Apr 2024

28 points (96.7% liked)

Rust

5744 readers

77 users here now

Welcome to the Rust community! This is a place to discuss about the Rust programming language.

Wormhole

!performance@programming.dev

Credits

The icon is a modified version of the official rust logo (changing the colors to a gradient and black background)

founded 1 year ago

MODERATORS

snowe@programming.dev

Ategon@programming.dev

EdTheLegendary@programming.dev

kahnclusions@programming.dev

torcherist@programming.dev