Steve Litt wrote:
> Systemd is a complexificated catastrophe.
I probably shouldn't be stoking the fires again, but what
the hell?

By some definitions (thanks to its gigantic code base and
diatomaceous surface area) systemd is a huge contribution to
the IT economy, creating new layers and dimensions of
mystery, not to mention opportunities for security holes.

Or, it's a power grab, so cleverly engineered that in a
decade, 98% or so of Linux computers have been inoculated
with this alien code, the evil spawn of Microsoft ;-)

Interestingly, the engineer who discovered the exploit was
working on Microsoft's PostgreSQL offering.

There was significant social engineering to introduce
malicious code into the xz distribution
tarball.

The final step in the chain of vulnerabilities came by
the linking of the xz and sshd libraries to systemd.

Any library can tamper with the inner workings of any
executable it is linked against.

IFUNC, a mechanism in glibc that allows for indirect
function calls, is used to perform runtime
hooking/redirection of OpenSSH's authentication
routines. IFUNC is a tool that is normally used for
legitimate things, but in this case it is exploited for
this attack path. [introduced in v 2.11.1, 2009]

Debian and many other Linux distributions add a patch to
link sshd to systemd, a program that loads a variety of
services during the system bootup. Systemd, in turn,
links to liblzma, and this allows xz Utils to exert
control over sshd.

https://arstechnica.com/security/2024/04/what-we-know-about-the-xz-utils-backdoor-that-almost-infected-the-world/

Cheers, and wishing you safe computing,
--
Joel Roth