|
|
|
|
|
|
by jmclnx
183 days ago
|
|
|
>While xz is commonly present in most Linux distributions, Not Slackware since Slackware does not patch xz or many other utilities. Plus it does not use systemd. From what I remember a patch was put in to give systemd extra functionality and someone used that patch to sneak in the backdoor. |
|
|
This wasn't exactly necessary since the protocol has been stable for external use for ages (since its inception IIRC) and is relatively trivial to implement.
Since the attack happened openssh gained native support for the sd-notify protocol, the sd-notify man page has an example implementation that is freely usable and libsystemd now only loads xz (and most of its other libraries) when explicitly requested by one of the tools via `dlopen`.