Hello,

On Fri, Mar 29, 2024 at 07:02:54PM +0100, Kamil Jońca wrote:
> O-o, is there any simple test to check if I have infected version or
> not?

For example, under root:

# locate the liblzma that sshd is linked against
path="$(ldd $(which sshd) | grep liblzma | grep -o '/[^ ]*')"
# dump it as one hex string and look for the known byte signature
if hexdump -ve '1/1 "%.2x"' "$path" | grep -q f30f1efa554889f54c89ce5389fb81e7000000804883ec28488954241848894c2410
then
    echo probably vulnerable
else
    echo probably not vulnerable
fi

NB: always think and read before typing root commands, or any commands
you find on a forum or mailing-list :)

More info:

https://boehs.org/node/everything-i-know-about-the-xz-backdoor
    Interesting read about social interactions

https://www.openwall.com/lists/oss-security/2024/03/29/4
    ref for the code above

https://www.openwall.com/lists/oss-security/2024/03/29/23
    idea to confine the sshd -> systemd dependency, in a specific process,
    because of the huge systemd attack surface
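
Added example, not part of the original message: the same signature check split into functions that report separately when ldd shows no liblzma for sshd or when the library cannot be read, cases where the one-liner falls through to "probably not vulnerable". The function names and return codes are assumptions made for this example, and od is used in place of hexdump; the signature is the one from the check above.

```shell
#!/bin/sh
# Added example: function names and return codes are hypothetical.
# Byte signature taken from the check quoted in the message above.
XZ_SIG=f30f1efa554889f54c89ce5389fb81e7000000804883ec28488954241848894c2410

# Print the liblzma path that ldd reports for a binary (empty if none).
linked_liblzma() {
    ldd "$1" 2>/dev/null | grep liblzma | grep -o '/[^ ]*' | head -n 1
}

# Scan one file for the signature.
# Returns 0 = signature present, 1 = absent, 2 = missing or unreadable.
scan_for_sig() {
    [ -f "$1" ] && [ -r "$1" ] || return 2
    # od is POSIX, so this also works where hexdump is not installed.
    if od -An -v -tx1 "$1" | tr -d ' \n' | grep -q "$XZ_SIG"; then
        return 0
    fi
    return 1
}

# Full check for one sshd binary; prints a verdict line.
# Returns 0/1/2 as scan_for_sig, 3 = ldd shows no liblzma for the binary.
check_sshd() {
    lib=$(linked_liblzma "$1")
    if [ -z "$lib" ]; then
        echo "no liblzma in ldd output for $1: check not applicable"
        return 3
    fi
    rc=0
    scan_for_sig "$lib" || rc=$?
    case $rc in
        0) echo "probably vulnerable: $lib" ;;
        1) echo "probably not vulnerable: $lib" ;;
        *) echo "cannot read $lib" ;;
    esac
    return $rc
}

# Usage: check_sshd "$(command -v sshd)"
```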