Hello Peter and all,

I have seen the following comment, or similar, in several articles now:
"On Friday, a lone Microsoft developer rocked the world when he revealed a 
backdoor<https://arstechnica.com/security/2024/03/backdoor-found-in-widely-used-linux-utility-breaks-encrypted-ssh-connections/>
 had been intentionally planted in xz Utils, an open source data compression 
utility available on almost all installations of Linux and other Unix-like 
operating systems." 
https://arstechnica.com/security/2024/04/what-we-know-about-the-xz-utils-backdoor-that-almost-infected-the-world/

There are a couple of problems with this statement, but I just want to focus in 
on the "almost all installations of Linux and other Unix-like operating 
systems" part.  From my understanding, it is certainly almost all installations 
of Linux, but the "and other Unix-like operating systems" doesn't seem 
founded.  From what I understand, this backdoor would not affect any flavour of 
*BSD, or of illumos for that matter (ex. smartOS), or QNX, or Solaris.  Just 
for clarity, does anyone know what "Unix-like operating systems" would be 
affected by this?

Thank you,
Katie

________________________________
From: owner-m...@openbsd.org <owner-m...@openbsd.org> on behalf of Aaron Mason 
<simplersolut...@gmail.com>
Sent: 03 April 2024 19:17
To: misc@openbsd.org <misc@openbsd.org>
Subject: Re: lcamtuf on the recent xz debacle

On Sat, Mar 30, 2024 at 9:32 PM Peter N. M. Hansteen <pe...@bsdly.net> wrote:
>
> "This dependency existed not because of a deliberate design decision
> by the developers of OpenSSH, but because of a kludge added by some
> Linux distributions to integrate the tool with the operating
> system’s newfangled orchestration service, systemd."
>

As if I needed another reason to intensely dislike systemd...

--
Aaron Mason - Programmer, open source addict
I've taken my software vows - for beta or for worse
