this post was submitted on 31 Mar 2024
83 points (95.6% liked)
Explain Like I'm Five
14270 readers
45 users here now
Simplifying Complexity, One Answer at a Time!
Rules
- Be respectful and inclusive.
- No harassment, hate speech, or trolling.
- Engage in constructive discussions.
- Share relevant content.
- Follow guidelines and moderators' instructions.
- Use appropriate language and tone.
- Report violations.
- Foster a continuous learning environment.
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I was on EndeavourOS (Arch-derived), but switched to SUSE Tumbleweed like, this weekend.
But hold up
So if the backdoor is all about exploiting ssh to gain full system access, and ssh was never enabled in my OS I'm in the clear regardless?
Just to be sure, you should check whether SSHD is enabled:
sudo systemctl status sshd.service
If you never enabled it and it's disabled+inactive, then no need to reinstall Tumbleweed per the current guidance. Also you can double check your version of xz to make sure it's downgraded, the downgraded version for Tumbleweed should look like this:Checked. We good. Thanks, stranger.
What if it was enabled but it was disabled in the firewall so it could only be used from the device itself?
While the full extent of the exploit is not fully known, it seems specifically targeted at the sshd binary on deb and rpm based systems. If you've got that service disabled it should not have been running actively on your system. You should still perform whatever is needed to downgrade, but I would say you're in the clear.
What if you had the service enabled on an Arch based distro?
Each distribution is different but Arch has stated that they did have the exploit artifact in their version of xz but the artifact was not loaded into memory with sshd as their process does not link sshd with liblzma library.
More details below but highly recommend upgrade/downgrade anyways to remove the exploit code version.
https://archlinux.org/news/the-xz-package-has-been-backdoored/