What's happening in the Linux community: xz backdoor, trust attack!

(To aless)

Just three days ago, on March 29, 2024, a new attack was discovered: it affected software open source which is part of the main Linux packages, it is XZ / liblzma library, a well-known compression tool.

The researcher and developer Andres Freund has discovered that in the last two versions of the Github connect remotely, basically one backdoor cuts.

There are many Linux distributions affected, among these there is Kali Linux, Fedora 40, Gentoo and Debian Sid and others.

Considerations to make about this type of attack

To begin with it must be said that the backdoor cuts was inserted by one of those who should ensure the maintenance of the software on github, in theory therefore someone you should be able to trust. This is an important point because it undermines trust in software open source, in theory safer because they can be inspected by anyone who wants (and is able to), in practice often managed with staff who work only occasionally and are not always proven reliable.

The second consideration concerns one of the affected distributions, Kali Linux. For those who don't know, Kali Linux is considered the specialized operating system for cyber security as it is equipped with countless tools. A blow to trust in Kali Linux!

The third consideration concerns the fact that the liblzma library is used by numerous other tools, including OpenSSH. OpenSSH is another open source software that allows a user to connect to a computer remotely if provided with the correct credentials. There backdoor cuts introduced seems to act precisely on the authentication process, carrying out a preventive check on the key entered by the hacker and authorizing his connection in the event of a positive response. This means having unlimited access to the attacked system. Once again, all of this is detrimental to the trust one should have in security software.

I think for now there is little else to say other than that the accident is currently under investigation and there may be interesting news shortly. 

Let's see what happens...

To learn more:

- https://www.openwall.com/lists/oss-security/2024/03/29/4

- https://jfrog.com/blog/xz-backdoor-attack-cve-2024-3094-all-you-need-to-...