Deutsch English Français Italiano |
<uufap2$2nu6h$1@dont-email.me> View for Bookmarking (what is this?) Look up another Usenet article |
Path: ...!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail From: candycanearter07 <candycanearter07@candycanearter07.nomail.afraid> Newsgroups: comp.os.linux.advocacy Subject: Re: Check If Your Distro Is Vulnerable To XZ Backdoor Date: Mon, 1 Apr 2024 22:00:03 -0000 (UTC) Organization: the-candyden-of-code Lines: 67 Message-ID: <uufap2$2nu6h$1@dont-email.me> References: <17c1daf1b743b4f8$156268$3716115$802601b3@news.usenetexpress.com> <uuc40a$22uoo$1@solani.org> <uuehj4$2htpk$2@dont-email.me> <uues7i$o69$2@solani.org> <uuev29$2l6ri$2@dont-email.me> <uuevej$o69$5@solani.org> <uuf07o$2lfi5$1@dont-email.me> <uuf0er$o69$6@solani.org> <uuf0sp$o69$7@solani.org> <uuf17d$o69$8@solani.org> <uuf1vv$2lse9$1@dont-email.me> <uuf23m$o69$10@solani.org> <uuf35f$2m58i$1@dont-email.me> <uuf510$tfl$1@solani.org> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Injection-Date: Mon, 01 Apr 2024 22:00:03 +0200 (CEST) Injection-Info: dont-email.me; posting-host="c5052260dac7a453616c524f7eecdb82"; logging-data="2881745"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX18N4rz4HCR687Wc1iUxRKiaj5uYSxwfhR0rr8VXGTnJmg==" User-Agent: slrn/pre1.0.4-9 (Linux) Cancel-Lock: sha1:DSxQnEj/RPR6yDNOTjaIFUbJa2g= X-Face: b{dPmN&%4|lEo,wUO\"KLEOu5N_br(N2Yuc5/qcR5i>9-!^e\.Tw9?/m0}/~:UOM:Zf]% b+ V4R8q|QiU/R8\|G\WpC`-s?=)\fbtNc&=/a3a)r7xbRI]Vl)r<%PTriJ3pGpl_/B6!8pe\btzx `~R! r3.0#lHRE+^Gro0[cjsban'vZ#j7,?I/tHk{s=TFJ:H?~=]`O*~3ZX`qik`b:.gVIc-[$t/e ZrQsWJ >|l^I_[pbsIqwoz.WGA]<D Bytes: 3575 Physfitfreak <physfitfreak@gmail.com> wrote at 20:21 this Monday (GMT): > On 4/1/24 14:50, candycanearter07 wrote: >> >>>>>>>> Physfitfreak <physfitfreak@gmail.com> wrote at 18:46 this Monday (GMT): >>>>>>>>> On 4/1/24 13:40, candycanearter07 wrote: >>>>>>>>>> which sshd >>>>>>>>> >>>>>>>>> I get: >>>>>>>>> >>>>>>>>> hydrogen@hydrogen-OptiPlex-7050:~$ which sshd >>>>>>>>> hydrogen@hydrogen-OptiPlex-7050:~$ >>>>>>>>> >>>>>>>>> as if it just ignored it. >>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> Weird, probably means it's not installed.. >>>>>>> >>>>>>> I get the same result with command, >>>>>>> >>>>>>> which >>>>>>> >>>>>>> by itself. So it is something about the command, not sshd. >>>>>> >>>>>> >>>>>> No, the command: which exists of course but requires an argument or >>>>>> file. I don't know why running it by itself doesn't give error saying it >>>>>> requires a file or argument. >>>>>> >>>>>> It responds to command: which ls as it's supposed to. So sshd, >>>>>> whatever it is, is certainly not on my system. >>>>>> >>>>>> >>>>> >>>>> >>>>> Does sshd need to be on the system for security? Or is it the sshd >>>>> itself that has provided a backdoor? >>>> >>>> >>>> Unless you need to remote into your computer, sshd isnt /neccesary/. >>> >>> >>> Oh, ok. I'll uninstall the two packages then. Thanks. >> >> >> No problem. I have it installed as a backup, but leave the server off >> unless I need it. > > I uninstalled both packages, and yet when I run the command it still > says sshd is there: > > hydrogen@hydrogen-OptiPlex-7050:~$ which sshd > /usr/sbin/sshd > > > So it evidently cannot be removed by uninstalling. Is that how that > "back door" works? I think I'll just directly delete it then. > > > > Weird. Maybe it's being supplied by another package? -- user <candycane> is generated from /dev/urandom