Message-ID: <239062992cb042fc4c59356809ca1f32e9ea41ea.camel@scientia.org>
Date: Wed, 10 Apr 2024 01:47:33 +0200
From: Christoph Anton Mitterer <calestyo@...entia.org>
To: oss-security@...ts.openwall.com
Subject: Re: xz backdoor prevention using hosts.deny?

On Tue, 2024-04-09 at 16:36 -0700, Andres Freund wrote:
> See https://www.openwall.com/lists/oss-security/2024/03/30/37 for the
> path
> leading to certification validation before certificate validity,
> users, etc
> are checked.

And I assume "etc" includes access control via hosts.deny?


  So in other words, people who had a backdoored sshd running, that
  was only protected via hosts.deny may have actually been compromised?

  Unless[0] of course, access was blocked by netfilter, some
  other firewall, router, etc. ... or sshd wasn't even running.

Right?


Cheers,
Chris


[0] And this assumes that no home calling (like automatic command/code
    pulling from the adversary, or submission of e.g. found private
    keys) and no further attack vectors (other than via sshd) or
    infestations (like creating new users or authorized_keys entries)
    are to be found...
    ... which AFAIU is not yet definitely ruled out?
