On 4/1/24 17:06, Mark Wielaard wrote:

> A big thanks to everybody working this long Easter weekend who helped
> analyze the xz-backdoor and making sure the impact on Sourceware and
> the hosted projects was minimal.

Thanks for those efforts!

Now, I have seen two more days of thinking about this vulnerability ...
but no one seems to address the following issues:

A hack was made in liblzma, which, when the code was executed by a
daemon that by virtue of its function, *has* to be run as root, was
effective.

Two questions arise (as far as I am concerned):

1. Do daemons like sshd *have* to be linked with shared libraries?
   Or could it be left to the security minded of the downstream
   (binary) distributions to link it statically with known & proven
   correct libraries?

2. Is it a limitation of the Unix / Linux daemon concept that, once
   such a process needs root access, it has to have root access
   *always* - even when performing trivial tasks like compressing
   data?

I recall quite well (vis-a-vis question 2) that the VMS equivalent would
drop all privileges at the start of the code, and request only those
relevant when actually needed (e.g., to open a file for reading that was
owned by [the equivalent on VMS] of root - or perform other functions
that only root could do), and then drop them immediately afterwards again.

Kind regards,
--
Toon Moene - e-mail: t...@moene.org - phone: +31 346 214290
Saturnushof 14, 3738 XG Maartensdijk, The Netherlands
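
The pattern the message recalls from VMS (drop privileges at startup, raise them only around the operation that needs them, drop again) has a POSIX counterpart in `seteuid()` and the saved set-user-ID. The following C example is added here and is not part of the original message; the UID 65534 and the names `priv_init`, `with_privilege` and `privileged_step` are assumptions, and group IDs are left out.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L  /* for seteuid() under strict -std= */
#endif
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

static uid_t priv_uid;    /* effective UID at startup (0 for a root daemon) */
static uid_t unpriv_uid;  /* UID used for all ordinary work */

/* Call first in main(): remember the privileged UID, then run as run_as.
 * The saved set-user-ID keeps priv_uid, so it can be regained later. */
int priv_init(uid_t run_as)
{
    priv_uid = geteuid();
    /* Not started as root: nothing to drop, keep the current UID. */
    unpriv_uid = (priv_uid == 0) ? run_as : priv_uid;
    return seteuid(unpriv_uid);
}

/* Run fn(arg) with the privileged effective UID, then drop it again.
 * Returns fn's result, or -1 if the privilege could not be raised. */
int with_privilege(int (*fn)(void *), void *arg)
{
    if (seteuid(priv_uid) != 0)
        return -1;
    int rc = fn(arg);
    /* Failing to drop is fatal: never carry on while still privileged. */
    if (seteuid(unpriv_uid) != 0 || geteuid() != unpriv_uid)
        _exit(1);
    return rc;
}

/* Stand-in for the one step that needs root; records the UID it ran as. */
int privileged_step(void *seen_euid)
{
    *(uid_t *)seen_euid = geteuid();
    return 0;
}

int main(void)
{
    uid_t seen = (uid_t)-1;
    if (priv_init(65534) != 0)  /* 65534: assumed UID of "nobody" */
        return 1;
    int rc = with_privilege(privileged_step, &seen);
    printf("step ran as euid %d, now euid %d\n", (int)seen, (int)geteuid());
    return rc != 0;
}
```

Because the saved set-user-ID still holds root, this bracket limits mistakes in the daemon's own code; code injected into the process can call `seteuid(0)` itself. That is why sshd-style privilege separation places the privileged part in a separate process.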