[kwlug-disc] Fw: Backdoor found in widely used Linux utility
Mikalai Birukou
mb at 3nsoft.com
Sat Mar 30 10:49:25 EDT 2024
>> I'd love to see what kind of pattern in a build process has been (ab)used, but repos are inaccessible.
>
> It is in Andres Freund's overview of the problem, which Jason and
> I linked to in previous emails.
> The link that I found and posted here has detailed analysis of the
> files that add the malicious code.
>
> Here it is again.
> https://lwn.net/ml/oss-security/20240329155126.kjjfduxw2yrlxgzm@awork3.anarazel.de/
> A short summary of that is in the "Design" section here
> https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27
Let's quote from the comment at https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27?permalink_comment_id=5006224#gistcomment-5006224
"""
The relevant technical fact is that this exploit isn't on a level with the information security skills of an average developer. Not only does it use a smart tactic to hide itself from commit inspection with autoconf, but it also has a sophisticated payload, which we still can't reverse 16 hours after the incident.
"""
... this exploit isn't on a level with the information security skills of an average developer. ...
Hm-m. The complexity is riding on an existing sea of complexity in the build process. Implying that the attacker is bright leaves no hope and is counterproductive.
The attacker chooses the time of an attack. The defender chooses the possible places, by virtue of designing and coding all the places where an attack may be done. The attacker can't attack in a vacuum.
This brings us back to complexity being a firm foundation for an attack. And it brings us back to mirrors: who creates complexity, why, and how, and what about clearing it up?
Gosh. How many millions of devs are there on the planet? How many 100K's of security professionals? How many views are there on "The Lazy Programmer's Guide to Secure Computing" https://www.youtube.com/watch?v=eL5o4PFuxTY ?
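The quoted comment says the payload hid itself from commit inspection because it rode in on autoconf-generated content. The practical check that follows from that is not to review the tarball by eye but to diff it against what git actually contains for the same tag: unpack the release tarball into one directory, unpack `git archive <tag>` into another, and list every file that exists only in the tarball or whose bytes differ. The script below is an added example written for this post, not code from the thread, the gist, or the xz-utils project; the two directory trees it builds are constructed sample data (the file names `src.c`, `m4/check.m4`, `configure` are illustrative, not the real files from the incident).

```shell
#!/bin/sh
# Added example (not from the thread or any project): report files that a
# release tarball carries but the git tree for the same tag does not, and
# files whose content was changed between checkout and tarball. Anything
# reported here never passed through commit review.
set -eu

# diff_release_vs_git RELEASE_DIR GIT_DIR
# Prints one line per finding, paths sorted bytewise:
#   ONLY_IN_TARBALL <path>   file absent from the git tree
#   CONTENT_DIFFERS <path>   file present in both but with different bytes
diff_release_vs_git() {
    reldir=$1; gitdir=$2
    ( cd "$reldir" && find . -type f | sed 's|^\./||' | LC_ALL=C sort ) |
    while IFS= read -r f; do
        if [ ! -f "$gitdir/$f" ]; then
            printf 'ONLY_IN_TARBALL %s\n' "$f"
        elif ! cmp -s "$reldir/$f" "$gitdir/$f"; then
            printf 'CONTENT_DIFFERS %s\n' "$f"
        fi
    done
}

# make_sample_trees: constructed sample data so the script runs offline.
# Creates <tmp>/git (what "git archive <tag>" would unpack to) and
# <tmp>/release (what the published tarball unpacks to). The file names are
# illustrative only; they are not the real xz-utils files.
make_sample_trees() {
    base=$(mktemp -d)
    mkdir -p "$base/git/m4" "$base/release/m4"
    # In git: one source file and one autoconf macro file.
    printf 'int main(void) { return 0; }\n' > "$base/git/src.c"
    printf 'AC_DEFUN([PROJ_CHECK], [true])\n' > "$base/git/m4/check.m4"
    # In the tarball: identical source, a macro file altered after checkout,
    # and a generated configure script that never existed in git.
    cp "$base/git/src.c" "$base/release/src.c"
    printf 'AC_DEFUN([PROJ_CHECK], [true; extra_build_step])\n' \
        > "$base/release/m4/check.m4"
    printf '#!/bin/sh\n# generated configure script\n' > "$base/release/configure"
    printf '%s\n' "$base"
}

# Stand-alone run: build the constructed trees and print the report.
# Against a real release you would instead run
#   git archive --format=tar <tag> | tar -x -C <gitdir>
#   tar -xf <project>-<version>.tar.gz -C <reldir>
#   diff_release_vs_git <reldir>/<project>-<version> <gitdir>
base=$(make_sample_trees)
diff_release_vs_git "$base/release" "$base/git"
rm -rf "$base"
```

Every line the report prints is a file that reviewers of the git history never saw; for a project that ships autoconf output, expect `configure`, `Makefile.in` and bundled `m4/*.m4` to show up as ONLY_IN_TARBALL every time, which is exactly why those files need their own review step (or regeneration from a pinned autotools version) rather than being waved through as "just generated".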