by ui2RjUen875bfFA
809 days ago
Just take a closer look at the analysis at https://www.openwall.com/lists/oss-security/2024/03/29/4, then try to understand the pattern. They backdoored by modifying the build process of packages. Now consider that the $XZ is also from a backdoored build, and the call is recognized in the same way, with the parameters --robot --version and the shell environment with the hint "xz_wrap.sh" from the piped process. That is a lot of stuff for the $XZ process to recognize that it is run as part of a kernel build. Maybe they put advanced stuff in a backdoored $XZ binary to modify the kernel in a similar way to how they modified lzma-based packages in the build process.