The size of libsystemd is immaterial in the case of xz. The attackers had contro... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		growse on May 1, 2024 \| parent \| context \| favorite \| on: Run0, a systemd based alternative to sudo, announc... The size of libsystemd is immaterial in the case of xz. The attackers had control of xz, and wanted to load it from sshd. There's lots of projects that link xz, big and small. Patching sshd to include any of them would have implemented the backdoor.

James_K on May 1, 2024 [–]

> But other software is also hypothetically insecure.

And I'm sure it'll be the same excuse next time.

growse on May 2, 2024 | [–]

> But other software is also hypothetically insecure.

This is not my point.

James_K on May 2, 2024 | | [–]

Yes it is [1].

[1] There's lots of projects that link xz

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact