On 12/30/25 01:33, Jacob Bachmeyer wrote:
> On 12/29/25 13:53, Greg Dahlman wrote:
>> I did reach out to the systemd team, while I was working with the kernel
>> security team and I encouraged others to do so if they think it will be
>> productive.
>>
>> There are sensitivities and frustrations that span all groups that make
>> that conversation difficult, but I think someone with an established trust
>> with the project could make forward progress.
>
> I certainly agree that the systemd team's apparent "cavalier" attitude
> towards security (and sound architecture) makes lots of frustrations.
> (For example, the "katamari" architecture that made the xz-utils sshd
> backdoor possible is definitely a bad practice, although a distressingly
> common one not unique to systemd.)
>
> To *really* set things off here, this vsock listener that crosses what
> is otherwise a security boundary *looks* like an attempt at a backdoor,
> although I believe it to be ignorance/negligence rather than malice.

If systemd *also* configured OpenSSH to only allow key-based login, this
would be unexploitable unless OpenSSH has a vulnerability.

-- 
Sincerely,
Demi Marie Obenour (she/her/hers)
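The key-only OpenSSH policy mentioned in the reply above is easy to state and easy to get wrong in practice, because sshd takes the *first* value it reads for each keyword and ignores later overrides. The following is an added example, not part of this thread and not code from systemd or OpenSSH: a small Python checker that reads sshd_config-style text and reports whether only public-key authentication remains enabled globally. It applies sshd's first-value-wins rule, treats the ChallengeResponseAuthentication alias as KbdInteractiveAuthentication, and skips Match blocks (which are conditional). The sample configurations and the `backup` user are constructed; the defaults table reflects the documented OpenSSH defaults. It does not follow Include directives (an assumption: single-file config).

```python
"""Check whether an sshd_config leaves only public-key login enabled.

Added example for this thread; sample configs below are constructed.
"""
import re

# Documented OpenSSH defaults for the directives that decide the policy.
DEFAULTS = {
    "pubkeyauthentication": "yes",
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "permitemptypasswords": "no",
}

# Old spelling of the same option; sshd treats both as one keyword.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}


def effective_directives(config_text):
    """Return the effective global value of every keyword in the text.

    Mirrors sshd's rule that, for each keyword, the first value read wins.
    Lines inside a Match block are skipped because they apply conditionally.
    Include directives are not followed (assumption: single-file config).
    """
    seen = {}
    in_match = False
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)  # "Key value" or "Key=value"
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = parts[1].strip().lower() if len(parts) > 1 else ""
        if key == "match":                        # everything after is conditional
            in_match = True
            continue
        if in_match:
            continue
        seen.setdefault(key, value)               # first occurrence wins
    return seen


def key_only_login(config_text):
    """True if the global policy allows public-key authentication and nothing else."""
    d = effective_directives(config_text)

    def get(k):
        return d.get(k, DEFAULTS[k])

    return (get("pubkeyauthentication") == "yes"
            and get("passwordauthentication") == "no"
            and get("kbdinteractiveauthentication") == "no")


def findings(config_text):
    """List the directives that keep the config from being key-only."""
    d = effective_directives(config_text)
    out = []
    for k, wanted in (("pubkeyauthentication", "yes"),
                      ("passwordauthentication", "no"),
                      ("kbdinteractiveauthentication", "no")):
        actual = d.get(k, DEFAULTS[k])
        if actual != wanted:
            out.append(f"{k} is {actual!r} (want {wanted!r})")
    return out


# Constructed sample: a typical default leaves password login enabled.
WEAK = """
Port 22
PubkeyAuthentication yes
# PasswordAuthentication not set, so the default (yes) applies
"""

# Constructed sample: explicit key-only policy; the Match block is conditional.
HARDENED = """
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
Match User backup
    PasswordAuthentication yes   # only for that user, not global
"""

# Constructed sample: hardening appended at the end has no effect,
# because the first value for the keyword is the one sshd uses.
APPENDED_TOO_LATE = """
PasswordAuthentication yes
ChallengeResponseAuthentication no
# added later by a hardening script:
PasswordAuthentication no
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED),
                       ("appended-too-late", APPENDED_TOO_LATE)):
        print(name, "key-only:", key_only_login(text), findings(text))
```

The third sample is the case worth remembering: appending `PasswordAuthentication no` to a file that already sets it to `yes` changes nothing, so a checker that only greps for the hardened line would report a false pass. Running `sshd -T` on the host gives the same effective values from sshd itself and is the authoritative check.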
