
It meant that had the bad xz version been shipped to distros, only some people would have been vulnerable instead of everyone. That is valuable.



Though only with this particular approach to the backdoor. If systemd had always had this approach (or distros hadn't patched sshd to link it in), the attackers would have focused on a different path from delivering malicious code to widely-used distros which executes in a privileged context to network RCE.



