PCDVD Digital Technology Forum
(https://www.pcdvd.com.tw/index.php)
- General Chat (七嘴八舌異言堂)
(https://www.pcdvd.com.tw/forumdisplay.php?f=12)
- - Linux world "earthquake": mainstream compression tool XZ found to contain a backdoor; Red Hat, Debian and others issue advisories demanding an emergency halt to its use
(https://www.pcdvd.com.tw/showthread.php?t=1207561)
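Linux world "earthquake": mainstream compression tool XZ found to contain a backdoor; Red Hat, Debian and others issue advisories demanding an emergency halt to its use

The following text comes from a comment under an IT之家 (ITHome) report.

TLDR: I just finished reading these two write-ups on the supply-chain attack against the xz-utils package. The attacker lay low for three years, and it is quite a story: they came within a hair of injecting a backdoor into the sshd of many Linux distributions, one that could be used to bypass key authentication, with unthinkable consequences.

Summary:

The attacker JiaT75 (Jia Tan) registered a GitHub account in 2021, then actively took part in maintaining the xz project, gradually gained trust, and obtained the right to commit code directly.

In a commit within the last few months, JiaT75 quietly added bad-3-corrupt_lzma2.xz and good-large_compressed.lzma, two harmless-looking binary test data files. However, in the build script (Note 1), under specific conditions, content is read from these two files and used to modify the build result, so that the build result no longer matches the public source code.

Preliminary research so far shows that the injected code uses glibc's IFUNC to hook OpenSSH's RSA_public_decrypt function, allowing the attacker to bypass RSA signature verification by constructing specific verification data. (The details are still being analyzed.)

Any program that uses both liblzma and OpenSSH is affected. The most direct target is sshd (Note 2), which lets the attacker construct a specific request, bypass key authentication, and gain remote access.

The affected xz-utils package has already been merged into Debian testing for testing, and the attacker was also trying to get it merged into fedora and ubuntu.

Fortunately, the injected code seems to have some kind of bug that causes sshd's CPU usage to spike in certain situations. A security researcher noticed this, followed the trail, uncovered the plot, and reported it to oss-security, which exposed the whole affair.

If it were not for this bug, there was a fair chance this backdoor would have been merged into the stable releases of mainstream distributions, which would probably have been an unprecedented major security incident.

Some details also show that the attacker was very careful:

The attacker only tried to get the new version merged a few days before the ubuntu beta freeze, hoping to reduce the time in which it could be discovered during testing.

Lasse Collin (Larhzu), the original maintainer of the xz-utils project, has a habit of taking regular internet breaks, and was on one recently, so he had no chance to review these changes; even now nobody has been able to reach him. This may also be one of the reasons the attacker picked the xz-utils project.

More details are still being analyzed. GitHub has currently shut down the entire xz project.

Note 1: The build script in the repository is fine, but the build script in the source code package (tarball) released with the new version had the use of the backdoor added to it. As a result, users who built directly from the source package built a program containing the backdoor.

Note 2: According to other sources, the affected sshd is the version modified by Debian, Ubuntu and similar systems to support systemd notification. xz is a dependency of systemd, not a direct dependency of sshd.

https://twitter.com/Blankwonder/sta...921956615877110 |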
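Note 1 in the post above says the repository's build script was clean while the one in the release tarball was not. The sketch below is an added example, not part of the original post or the xz project: it shows how a packager could surface that kind of gap by comparing a tarball's files against a checkout of the same tag. The `tarball_vs_checkout` helper and all file names in the sample are constructed for illustration.

```python
import io
import tarfile
import tempfile
from pathlib import Path

def tarball_vs_checkout(tar_bytes: bytes, checkout: Path, strip: int = 1) -> dict:
    """Compare every regular file in a release tarball with a VCS checkout."""
    report = {"only_in_tarball": [], "modified": []}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        for member in tar:
            if not member.isfile():
                continue
            # Drop the leading "name-x.y.z/" directory the tarball adds.
            rel = Path(*Path(member.name).parts[strip:])
            local = checkout / rel
            data = tar.extractfile(member).read()  # read in memory, never unpack
            if ".." in rel.parts or not local.is_file():
                report["only_in_tarball"].append(rel.as_posix())
            elif local.read_bytes() != data:
                report["modified"].append(rel.as_posix())
    return {key: sorted(paths) for key, paths in report.items()}

def demo() -> dict:
    """Constructed sample: the tarball edits one file and adds another."""
    repo = {
        "configure.ac": b"AC_INIT([demo],[1.0])\n",
        "src/main.c": b"int main(void){return 0;}\n",
    }
    shipped = dict(repo)
    shipped["configure.ac"] += b"m4_include([m4/extra.m4])\n"  # changed in tarball
    shipped["m4/extra.m4"] = b"dnl never committed to the repository\n"
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in shipped.items():
            info = tarfile.TarInfo("demo-1.0/" + name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in repo.items():
            path = Path(tmp, name)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(data)
        return tarball_vs_checkout(buf.getvalue(), Path(tmp))

if __name__ == "__main__":
    print(demo())
```

Autotools release tarballs legitimately ship generated files (for example `configure`) that are absent from the repository, so the `only_in_tarball` list is a review queue rather than a verdict.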
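Homebrew on macOS handled this problem yesterday by downgrading xz.
About 15 years ago, xz started being used as the default compression format for packages in the major distributions. Over the last few years they have been slowly switching to zstd. |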
Everything I Know About the Xz Backdoor
https://boehs.org/node/everything-i...the-xz-backdoor :mad: :mad: :mad: |
I originally used Fedora, then gradually switched to CentOS. After seeing this yesterday I hurried to check my xz version.
Luckily, I'm on version 5.2.x, not 5.6 .... :ase :ase :ase |
Quote:
Quote:
Win 11 uses this too. https://technews.tw/2023/05/24/windows-11-rar/ Quote:
|
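A trojan hidden in well-known open-source software? Exposing a crime plotted for as long as two and a half years!
#trojan #XZ #Microsoft #hacker #virus #threat #supply-chain-poisoning #linux #Github https://www.youtube.com/watch?v=8QI...J_Zjitw&index=5 |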
I took a look but did not understand how it manages this.
I did find this: https://www.stigviewer.com/stig/vmw...finding/V-39285 The default value of sshd compression is delayed, which means compression is only enabled after authentication. |