XZ Struck By Malicious Code That Could Allow Unauthorized Remote System Access


  • Originally posted by HEL88

    And there is proof that all bugs in Linux are accidental????

    How do you know if a particular vulnerability in Linux was not created on purpose???? Why do you make the assumption that always these vulnerabilities are due to oversight, accident, negligence????

    Do you have any proof of this???

    Did I say that? I said we should assume all software potentially contains backdoors.


    • Originally posted by LightBit

      Did I say that? I said we should assume all software potentially contains backdoors.

      But from Windows you demand proof of the lack of backdoor.

      And you yourself are unable to prove that the vulnerability in Linux is the result of coincidence and not intentional action (backdoor embedding).


      • Originally posted by HEL88

        But from Windows you demand proof of the lack of backdoor.

        And you yourself are unable to prove that the vulnerability in Linux is the result of coincidence and not intentional action (backdoor embedding).

        Well, avis is so aggressive about Windows being free of backdoors and demanding proof of backdoor. That is why I said that. I expect, if someone makes such strong statements to provide proof instead of demanding proof he is wrong.

        This can not be proven. Not for Windows, not for Linux.
        Last edited by LightBit; 30 March 2024, 09:14 AM.


        • Lasse Collin seems to have started fixing stuff. It looks like there is/was more: https://git.tukaani.org/?p=xz.git;a=...cbe41b55823b00


          • Originally posted by LightBit

            Well, avis is so aggressive about Windows being free of backdoors and demanding proof of backdoor. That is why I said that. I expect, if someone makes such strong statements to provide proof instead of demanding proof he is wrong.

            This can not be proven. Not for Windows, not for Linux.

            I've now offered three people on these forums to hack my patched Windows 10 installation. Unfortunately no one has replied/agreed. Maybe I should offer a reward, I don't know.

            Windows is chock-full of backdoors made/enforced by NSA until people here cannot prove anything or even cite recent incidents of people getting hacked.

            With literally tens of nations being the archenemies of the US why is it not happening? Why?

            Myths, egregious lies, and conspiracies, that's why.


            • Originally posted by novideo

              Would my main PC with Devuan Ceres Xfce with runit instead of systemd be affected? Would this kind of exploit be possible without systemd?

              Since no one got around to answering this through all the flamewars: the initial detection was loading the vulnerability via libsystemd (used for sd_notify) but sshd could end up being compromised via pam modules using libselinux as well. Not sure if this actually works, still too early to know all the details and I'm not willing to try it myself but based on the description of how the vulnerability gets itself into sshd it should.


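Added example, not part of any post in this thread: the load path described in the reply above (sshd linking libsystemd, which in turn links liblzma) can be checked on a given system by walking DT_NEEDED entries from `readelf -d` output. The sample outputs are constructed and the function names are hypothetical; libraries loaded with dlopen (PAM modules, for instance) never appear in DT_NEEDED, so that route has to be checked against the running sshd's `/proc/<pid>/maps` instead.

```python
import re
from collections import deque

# Matches the NEEDED rows of `readelf -d <file>` output.
NEEDED_RE = re.compile(r"\(NEEDED\)\s+Shared library:\s+\[([^\]]+)\]")


def parse_needed(readelf_text):
    """Return the DT_NEEDED sonames listed in `readelf -d` output."""
    return NEEDED_RE.findall(readelf_text)


def chains_to(dynamic_sections, root, target_prefix):
    """Breadth-first walk over NEEDED edges starting at `root`.

    `dynamic_sections` maps a soname to its `readelf -d` text. Returns one
    chain for every library that directly needs the target.
    """
    found, queue, seen = [], deque([[root]]), {root}
    while queue:
        path = queue.popleft()
        for dep in parse_needed(dynamic_sections.get(path[-1], "")):
            if dep.startswith(target_prefix):
                found.append(path + [dep])
            elif dep not in seen:
                seen.add(dep)
                queue.append(path + [dep])
    return found


def _dyn(*sonames):
    """Build constructed `readelf -d` rows for the given sonames."""
    row = " 0x0000000000000001 (NEEDED)             Shared library: [{}]"
    return "\n".join(row.format(s) for s in sonames)


# Constructed sample: an sshd patched to link libsystemd for sd_notify.
SAMPLE_WITH_LIBSYSTEMD = {
    "sshd": _dyn("libpam.so.0", "libsystemd.so.0", "libc.so.6"),
    "libpam.so.0": _dyn("libc.so.6"),
    "libsystemd.so.0": _dyn("liblzma.so.5", "libc.so.6"),
}
# Constructed sample: an sshd built without the libsystemd dependency.
SAMPLE_WITHOUT_LIBSYSTEMD = {
    "sshd": _dyn("libpam.so.0", "libc.so.6"),
    "libpam.so.0": _dyn("libc.so.6"),
}

if __name__ == "__main__":
    for sample in (SAMPLE_WITH_LIBSYSTEMD, SAMPLE_WITHOUT_LIBSYSTEMD):
        print(chains_to(sample, "sshd", "liblzma.so"))
```

On a real system, fill the dictionary by running `readelf -d` on the sshd binary and on each library it resolves to.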
              • Originally posted by avis
                I've now offered three people on these forums to hack my patched Windows 10 installation. Unfortunately no one has replied/agreed. Maybe I should offer a reward, I don't know.
                Do we get to require you to install a few select packages from the Windows Store before we hack away at your Fort Knox of a setup?


                • andyprough

                  I was talking about a standard base system and people here have endlessly claimed Windows is vulnerable/full of malware/backdoors out of the box.

                  No, I'm not installing anything just to compromise myself. Not a fan of rigging the game. With the same success you could have asked me to enable RDP, create an admin user and give you the credentials. I'm not so stupid.


                  • Originally posted by avis

                    I've now offered three people on these forums to hack my patched Windows 10 installation. Unfortunately no one has replied/agreed. Maybe I should offer a reward, I don't know.

                    Windows is chock-full of backdoors made/enforced by NSA until people here cannot prove anything or even cite recent incidents of people getting hacked.

                    With literally tens of nations being the archenemies of the US why is it not happening? Why?

                    Myths, egregious lies, and conspiracies, that's why.

                    If someone claims "Windows is chock-full of backdoors", I expect proof. The same way I expect proof for "Windows has no backdoors".

                    So you are actually the same as those who claim Windows is full of backdoors. But you fail to see it, because you are so opinionated.
                    Last edited by LightBit; 30 March 2024, 10:42 AM.


                    • Originally posted by Amaranth

                      Since no one got around to answering this through all the flamewars: the initial detection was loading the vulnerability via libsystemd (used for sd_notify) but sshd could end up being compromised via pam modules using libselinux as well. Not sure if this actually works, still too early to know all the details and I'm not willing to try it myself but based on the description of how the vulnerability gets itself into sshd it should.

                      Thanks! I forgot to mention that while my system does not contain libsystemd0 as released by systemd and packaged by Debian, it does contain the elogind fork of systemd which implements large swathes of systemd, mainly the parts for logind and polkit to work. Would you happen to know if it contains this "sd-notify"? I don't have openssh server installed regardless.
