| Deutsch English Français Italiano |
|
<uufap2$2nu6h$1@dont-email.me> View for Bookmarking (what is this?) Look up another Usenet article |
Path: ...!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: candycanearter07 <candycanearter07@candycanearter07.nomail.afraid>
Newsgroups: comp.os.linux.advocacy
Subject: Re: Check If Your Distro Is Vulnerable To XZ Backdoor
Date: Mon, 1 Apr 2024 22:00:03 -0000 (UTC)
Organization: the-candyden-of-code
Lines: 67
Message-ID: <uufap2$2nu6h$1@dont-email.me>
References: <17c1daf1b743b4f8$156268$3716115$802601b3@news.usenetexpress.com>
<uuc40a$22uoo$1@solani.org> <uuehj4$2htpk$2@dont-email.me>
<uues7i$o69$2@solani.org> <uuev29$2l6ri$2@dont-email.me>
<uuevej$o69$5@solani.org> <uuf07o$2lfi5$1@dont-email.me>
<uuf0er$o69$6@solani.org> <uuf0sp$o69$7@solani.org>
<uuf17d$o69$8@solani.org> <uuf1vv$2lse9$1@dont-email.me>
<uuf23m$o69$10@solani.org> <uuf35f$2m58i$1@dont-email.me>
<uuf510$tfl$1@solani.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Injection-Date: Mon, 01 Apr 2024 22:00:03 +0200 (CEST)
Injection-Info: dont-email.me; posting-host="c5052260dac7a453616c524f7eecdb82";
logging-data="2881745"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX18N4rz4HCR687Wc1iUxRKiaj5uYSxwfhR0rr8VXGTnJmg=="
User-Agent: slrn/pre1.0.4-9 (Linux)
Cancel-Lock: sha1:DSxQnEj/RPR6yDNOTjaIFUbJa2g=
X-Face: b{dPmN&%4|lEo,wUO\"KLEOu5N_br(N2Yuc5/qcR5i>9-!^e\.Tw9?/m0}/~:UOM:Zf]%
b+ V4R8q|QiU/R8\|G\WpC`-s?=)\fbtNc&=/a3a)r7xbRI]Vl)r<%PTriJ3pGpl_/B6!8pe\btzx
`~R! r3.0#lHRE+^Gro0[cjsban'vZ#j7,?I/tHk{s=TFJ:H?~=]`O*~3ZX`qik`b:.gVIc-[$t/e
ZrQsWJ >|l^I_[pbsIqwoz.WGA]<D
Bytes: 3575
Physfitfreak <physfitfreak@gmail.com> wrote at 20:21 this Monday (GMT):
> On 4/1/24 14:50, candycanearter07 wrote:
>>
>>>>>>>> Physfitfreak <physfitfreak@gmail.com> wrote at 18:46 this Monday (GMT):
>>>>>>>>> On 4/1/24 13:40, candycanearter07 wrote:
>>>>>>>>>> which sshd
>>>>>>>>>
>>>>>>>>> I get:
>>>>>>>>>
>>>>>>>>> hydrogen@hydrogen-OptiPlex-7050:~$ which sshd
>>>>>>>>> hydrogen@hydrogen-OptiPlex-7050:~$
>>>>>>>>>
>>>>>>>>> as if it just ignored it.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Weird, probably means it's not installed..
>>>>>>>
>>>>>>> I get the same result with command,
>>>>>>>
>>>>>>> which
>>>>>>>
>>>>>>> by itself. So it is something about the command, not sshd.
>>>>>>
>>>>>>
>>>>>> No, the command: which exists of course but requires an argument or
>>>>>> file. I don't know why running it by itself doesn't give error saying it
>>>>>> requires a file or argument.
>>>>>>
>>>>>> It responds to command: which ls as it's supposed to. So sshd,
>>>>>> whatever it is, is certainly not on my system.
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> Does sshd need to be on the system for security? Or is it the sshd
>>>>> itself that has provided a backdoor?
>>>>
>>>>
>>>> Unless you need to remote into your computer, sshd isnt /neccesary/.
>>>
>>>
>>> Oh, ok. I'll uninstall the two packages then. Thanks.
>>
>>
>> No problem. I have it installed as a backup, but leave the server off
>> unless I need it.
>
> I uninstalled both packages, and yet when I run the command it still
> says sshd is there:
>
> hydrogen@hydrogen-OptiPlex-7050:~$ which sshd
> /usr/sbin/sshd
>
>
> So it evidently cannot be removed by uninstalling. Is that how that
> "back door" works? I think I'll just directly delete it then.
>
>
>
>
Weird. Maybe it's being supplied by another package?
--
user <candycane> is generated from /dev/urandom