|
|
|
|
|
|
by BoomerMoment
813 days ago
|
|
|
Portability. A test to get the answer to "what the fuck am I running on and what does it support" is more portable and robust than thousands of "flavours" manually configured in /etc/whatamieven.conf The author misses that the buildtime magic for the xz exploit is not in the m4 file but in an obfuscated, compressed, encrypted, binary disguised as a test file that alters the build process at multiple stages (configure and build) A better argument can be made that the act of compiling a binary / obfuscating / minifying code instead of interpreting code directly is the fault. |
|
|
That means it's totally normal to ship all kinds of really crazy looking stuff, and so when someone noticed that and decided to use that as their mechanism for extracting some badness from a so-called "test file" that was actually laden with their binary code, is it so surprising that it happened? To me, it seems inevitable.
Yeah, no. The author is well aware of how and why autotools are not awesome but also with the background of why they exist.
A better argument can be made that the act of compiling a binary / obfuscating / minifying code instead of interpreting code directly is the fault.
I can’t decide if you’ve never worked in systems software or trying to be hyperbolic. Given that it’s HN I’ll assume the best. But who do you think would do the interpreting? The priests at Delphi?