Re: Disclosed backdoor in xz releases - FreeBSD not affected
Date: Sun, 07 Apr 2024 10:15:11 UTC
"Chen, Alvin W" <Weike.Chen@Dell.com> writes:
> My understanding is: the 'xz' built from FreeBSD is not impacted, but
> the 'xz' built from Linux and run based on FreeBSD Linux ABI could be
> impacted.

It is certainly possible to build liblzma with the backdoor on a Linux
host (or in a Linux jail on a FreeBSD host) and run it on a FreeBSD
host. However, the backdoor does nothing unless loaded into an sshd
process, so you would still not be affected unless you were running a
Linux sshd binary and that sshd binary loaded the backdoored liblzma.

FreeBSD's sshd binary (whether from base or ports) does not load
liblzma, and if it did, it would not be able to load a Linux version of
the library.

DES
--
Dag-Erling Smørgrav - des@FreeBSD.org
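
One way to check on a given host whether an sshd binary loads liblzma, as an added example that is not part of the original message. The function names, the default path /usr/sbin/sshd and the two sample `ldd` listings are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: does an sshd binary load liblzma, directly or through
# another library? ldd lists the resolved transitive dependencies, so a
# liblzma pulled in by some other shared object is reported as well.

# Read ldd-style output on stdin. Print the resolved path of liblzma (or the
# bare soname when it is unresolved). Exit 0 if liblzma is listed, else 1.
liblzma_from_ldd() {
    awk '
        $1 ~ /^liblzma\.so/ {
            p = ($2 == "=>" && $3 != "not") ? $3 : $1
            print p
            found = 1
        }
        END { exit (found ? 0 : 1) }
    '
}

# Run ldd on a binary and report the result. The default path is an assumption.
check_sshd() {
    bin=${1:-/usr/sbin/sshd}
    [ -x "$bin" ] || { echo "$bin: not an executable file" >&2; return 2; }
    if path=$(ldd "$bin" 2>/dev/null | liblzma_from_ldd); then
        echo "$bin loads liblzma: $path"
    else
        echo "$bin does not load liblzma"
    fi
}

# Constructed sample: a Linux sshd that gets liblzma through another library.
sample_linux_sshd() { cat <<'EOF'
	libsystemd.so.0 => /lib/x86_64-linux-gnu/libsystemd.so.0 (0x00007f0000200000)
	liblzma.so.5 => /lib/x86_64-linux-gnu/liblzma.so.5 (0x00007f0000100000)
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f0000000000)
EOF
}

# Constructed sample: an sshd listing with no liblzma entry at all.
sample_freebsd_sshd() { cat <<'EOF'
	libcrypto.so.30 => /lib/libcrypto.so.30 (0x0000000800200000)
	libc.so.7 => /lib/libc.so.7 (0x0000000800400000)
EOF
}

# When called with a path argument, check that binary on the local host.
if [ -n "${1:-}" ]; then check_sshd "$1"; fi
```

A listing with no liblzma entry matches the FreeBSD case described in the reply; a listing that does show one only says the library is loaded, not whether that build of the library is a backdoored release.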