Re: GNU Coding Standards, automake, and the recent xz-utils backdoor
From: Alfred M. Szmidt
Subject: Re: GNU Coding Standards, automake, and the recent xz-utils backdoor
Date: Sun, 31 Mar 2024 10:56:14 -0400
Bluntly, I don't think it would help with security. The attacker would
just have to disable or adjust the distcheck target to seemingly pass.

Yeah, it should be noted that the way the backdoor got into the code
was by the _co-maintainer_ -- distcheck or not, would not have
mattered, automake or not, would not have mattered. The individual
could have sneaked code changes into the release tar-ball just as
well -- Github presented two sets of files one could download (direct
from git, and "release").

The deviousness of this backdoor should not be understated, it was a
long game of over two years in work and technological improvements will
simply not mitigate it.

Relying on something in a code repository to tell whether the repository
is secure is akin to tying a dog with sausage.

For security proper, the verification code needs to be held elsewhere,
not compromisable along with the thing it's supposed to verify.

Analogously, you don't run a rootkit checker on the system that's
potentially compromised, because the rootkit may hide itself; you boot
off secure media and then use the tools in it to look for the rootkit in
the potentially-compromised system, *without* handing control over to
it.
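The message makes two points that fit together: a release tar-ball can carry files that were never in git, and the code that checks for that must live outside the repository it checks. As an added example (not part of this thread or of any GNU project's tooling), the POSIX shell script below is such an outside checker: it unpacks a release tar-ball into a scratch directory, never executes anything from it, and reports files that exist only in the tar-ball or whose contents differ from a reference source tree that the auditor obtained separately (for example a checkout of the tagged commit). The `make_demo` function builds a constructed reference tree and tar-ball, with placeholder file names, so the script can be exercised offline; the function names are my own.

```shell
#!/bin/sh
# Added example, not code from the thread: a release-tarball audit that is
# meant to be kept and run outside the repository it inspects.
set -eu

# audit_release REFERENCE_DIR TARBALL
# Prints each file that is only in the tarball and each file whose contents
# differ from the reference tree. Returns 1 if anything was reported.
audit_release() {
    ref_dir=$1
    tarball=$2
    work=$(mktemp -d)
    tar -xf "$tarball" -C "$work"
    # Release tarballs normally unpack into a single top-level directory.
    top=$(ls "$work" | head -n 1)
    rel_dir=$work/$top
    found=0
    (cd "$ref_dir" && find . -type f | sort) > "$work/ref.lst"
    (cd "$rel_dir" && find . -type f | sort) > "$work/rel.lst"
    # Files present only in the release: generated build-time code that was
    # never committed shows up here.
    for f in $(comm -13 "$work/ref.lst" "$work/rel.lst"); do
        echo "only-in-release: $f"
        found=1
    done
    # Files present in both trees whose contents differ (cksum is POSIX and
    # reads stdin, so no file name leaks into the comparison).
    for f in $(comm -12 "$work/ref.lst" "$work/rel.lst"); do
        a=$(cksum < "$ref_dir/$f")
        b=$(cksum < "$rel_dir/$f")
        if [ "$a" != "$b" ]; then
            echo "modified: $f"
            found=1
        fi
    done
    rm -rf "$work"
    return $found
}

# make_demo BASE_DIR
# Constructed sample data (not a real project): a reference tree under
# BASE_DIR/ref and a tarball BASE_DIR/demo-1.0.tar that adds one file
# with a placeholder name and alters one existing file.
make_demo() {
    base=$1
    mkdir -p "$base/ref/m4" "$base/stage/demo-1.0/m4"
    printf 'AC_INIT([demo], [1.0])\n' > "$base/ref/configure.ac"
    printf 'dnl harmless macro\n' > "$base/ref/m4/harmless.m4"
    cp "$base/ref/configure.ac" "$base/stage/demo-1.0/"
    cp "$base/ref/m4/harmless.m4" "$base/stage/demo-1.0/m4/"
    # Extra file that exists only in the release (placeholder name).
    printf 'dnl added at release time\n' \
        > "$base/stage/demo-1.0/m4/injected-placeholder.m4"
    # Altered copy of a file that exists in both trees.
    printf 'AC_INIT([demo], [1.0])\nAC_CONFIG_MACRO_DIRS([m4])\n' \
        > "$base/stage/demo-1.0/configure.ac"
    (cd "$base/stage" && tar -cf "$base/demo-1.0.tar" demo-1.0)
}

# Usage: sh audit-release.sh REFERENCE_DIR RELEASE_TARBALL
if [ "$#" -eq 2 ]; then
    audit_release "$1" "$2"
fi
```

The point of the split is the one the message makes: the reference tree and this script are fetched and held by the auditor, so a maintainer who can alter the tar-ball cannot also alter the check. A clean result only says the tar-ball matches the tagged source; it says nothing about whether that source is itself trustworthy.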