:: Re: [DNG] ..are we|Devuan safe from…
Top Pagina
Delete this message
Reply to this message
Auteur: terryc
Datum:  
Aan: dng
Onderwerp: Re: [DNG] ..are we|Devuan safe from this systemd backdoor malware, taking our kernels from Debian?
On Sat, 1 May 2021 17:11:48 +0200
Didier Kryn <kryn@???> wrote:

> Le 30/04/2021 à 15:05, Arnt Karlsen a écrit :
> > On Fri, 30 Apr 2021 14:37:20 +0200, Arnt wrote in message
> > <20210430143720.7311bc82@d44>:
> >
> >
> >> https://www.theregister.com/2021/04/29/stealthy_linux_backdoor_malware_spotted/
> > ..how it works:
> > https://blog.netlab.360.com/stealth_rotajakiro_backdoor_en/
>
>
>     This backdoor is targetting systemd and gvfs.
>
>     It is not very surprising that systemd is targetted, since it is
> present (by force) in most installed Linux systems.


Unfortunately there are systemd libraries installed by Devuan-beowulf
desktop installation DVD.

There are in
/ver/lib/
/lib
/etc and
/run

It appears to be something in the base system as both the headless
systems I recently set up have/had* them.

Optins selected were
console stuff
print server,
ssh server
and what ever is last.

One system did have xfce-xfce4 selected, but the libraries and not
dependant on these.

*rm -rf systemd on the relevant directories doesn't seem to affect
anything. I did this as 'aptitude search systemd' didn't list any
packages installed.

Memo to self; use minimal installation next time.