Hacker News
by anarazel 813 days ago
I don't know if "off the clock" is accurate. My job is to work on Postgres, I was helping out with the development of a feature (avoid a perf regression in a degenerate case, in a patch improving much more common cases). OTOH, I think it was late at night at that point. What's on/off the clock for an OSS dev...
1 comments

Would it be fair to say that the perpetrators could have covered their tracks better? Could they, for example, have fixed the valgrind errors? And if so, would this backdoor have remained hidden for much longer?

What was the moment like, when you realized you had stumbled upon a backdoor? I mean, it is riveting just to read the various reports of this backdoor!

> Would it be fair to say that the perpetrators could have covered their tracks better? Could they, for example, have fixed the valgrind errors? And if so, would this backdoor have remained hidden for much longer?

Yes. Mostly they should have reduced the cost of starting up sshd with the backdoor. A lot of that seems to be due to all the symbol lookups they needed to do, while staying obfuscated. It feels like they started with a reasonable set of features and then just piled on more and more, leading to the noticeable CPU usage.

I think the valgrind warnings were only triggered when using -fno-omit-frame-pointer. Which, at the time they wrote this stuff, wasn't the default anywhere. They got unlucky in that Fedora changed to default to that and that I happened to have that set in my valgrind tests.

> What was the moment like, when you realized you had stumbled upon a backdoor? I mean, it is riveting just to read the various reports of this backdoor!

It was many hours of slowly figuring that out, room for different emotions. Lots of nervous cackling. Thinking I must just be hallucinating. Worry about how to deal with this. And more...

Edit: Grammar