<br />
<b>Warning</b>:  mysqli::__construct(): (HY000/1203): User howardkn already has more than 'max_user_connections' active connections in <b>D:\Inetpub\vhosts\howardknight.net\al.howardknight.net\includes\artfuncs.php</b> on line <b>21</b><br />
Failed to connect to MySQL: (1203) User howardkn already has more than 'max_user_connections' active connectionsFrom: Farley Flud <ff@linux.rocks>
Subject: Re: Gentoo and the XZ Backdoor
Newsgroups: comp.os.linux.advocacy
References: <17c46b44149018e9$3881$111488$802601b3@news.usenetexpress.com> <661998bb$0$7510$426a74cc@news.free.fr>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Lines: 39
Path: ...!feeds.phibee-telecom.net!weretis.net!feeder6.news.weretis.net!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!feeder.usenetexpress.com!tr2.iad1.usenetexpress.com!news.usenetexpress.com!not-for-mail
Date: Sat, 13 Apr 2024 10:18:42 +0000
Nntp-Posting-Date: Sat, 13 Apr 2024 10:18:42 +0000
X-Received-Bytes: 1744
X-Complaints-To: abuse@usenetexpress.com
Organization: UsenetExpress - www.usenetexpress.com
Message-Id: <17c5cfa0d71a6173$13233$197378$802601b3@news.usenetexpress.com>
Bytes: 2165

On 12 Apr 2024 20:25:31 GMT, Stéphane CARPENTIER wrote:

> 
> Don't forgot the answers I gave you. I
> already provided you links showing you can be affected even without
> systemd.
> 

Not true.

The backdoor becomes activated only during the execution in
which sshd, libsystemd, and liblzma are linked.  In particular,
the argv[0] is checked to see if it is "/usr/bin/sshd."  If it
is not then the backdoor does not activate.

Furthermore, sshd has to invoked and I never use sshd.  Therefore,
I could be using 5.6.1 to compress/decompress and the backdoor
would just be dormant.


>>
>> https://bugs.gentoo.org/925415
>>
> 
> You should have read down a little bit further. When I read this message
> I didn't understood how it was related with the back door. And at the
> bottom, it's written: it's not related. 
>

Yes it is related.

The backdoor was first released with xz-utils 5.6.0, and this version
was causing segfaults due to code instrumentation when a profile build
was specified.  "Jia Tan" actually fixes this bug, and another involving
valgrind issues, and then releases 5.6.1 with an "improved" backdoor.

It is related because the code changes accompanying the incorporation
of the backdoor were causing problems.